Security and Privacy in Machine Learning for Health Systems: Strategies and Challenges

Overview

Journal Yearb Med Inform

Publisher Thieme

Specialty Medical Informatics

Date 2023 Dec 26

PMID 38147869

Authors

Erikson J de Aguiar

Caetano Traina Jr

Agma J M Traina

Affiliations

Soon will be listed here.

Abstract

Objectives: Machine learning (ML) is a powerful asset to support physicians in decision-making procedures, providing timely answers. However, ML for health systems can suffer from security attacks and privacy violations. This paper investigates studies of security and privacy in ML for health.

Methods: We examine attacks, defenses, and privacy-preserving strategies, discussing their challenges. We conducted the following research protocol: starting a manual search, defining the search string, removing duplicated papers, filtering papers by title and abstract, then their full texts, and analyzing their contributions, including strategies and challenges. Finally, we collected and discussed 40 papers on attacks, defense, and privacy.

Results: Our findings identified the most employed strategies for each domain. We found trends in attacks, including universal adversarial perturbation (UAPs), generative adversarial network (GAN)-based attacks, and DeepFakes to generate malicious examples. Trends in defense are adversarial training, GAN-based strategies, and out-of-distribution (OOD) to identify and mitigate adversarial examples (AE). We found privacy-preserving strategies such as federated learning (FL), differential privacy, and combinations of strategies to enhance the FL. Challenges in privacy comprehend the development of attacks that bypass fine-tuning, defenses to calibrate models to improve their robustness, and privacy methods to enhance the FL strategy.

Conclusions: In conclusion, it is critical to explore security and privacy in ML for health, because it has grown risks and open vulnerabilities. Our study presents strategies and challenges to guide research to investigate issues about security and privacy in ML applied to health systems.

Citing Articles

Informatics for One Health.

Fultz Hollis K, Mougin F, Soualmia L Yearb Med Inform. 2024; 32(1):2-6.

PMID: 38575142 PMC: 10994713. DOI: 10.1055/s-0043-1768757.

Machine and Deep Learning Dominate Recent Innovations in Sensors, Signals and Imaging Informatics.

Baumgartner C, Rittner L, Deserno T Yearb Med Inform. 2023; 32(1):282-285.

PMID: 38147870 PMC: 10751153. DOI: 10.1055/s-0043-1768743.

References

Silva J, Pinho E, Monteiro E, Silva J, Costa C . Controlled searching in reversibly de-identified medical imaging archives. J Biomed Inform. 2017; 77:81-90. DOI: 10.1016/j.jbi.2017.12.002. View

Venugopal R, Shafqat N, Venugopal I, Tillbury B, Stafford H, Bourazeri A . Privacy preserving Generative Adversarial Networks to model Electronic Health Records. Neural Netw. 2022; 153:339-348. DOI: 10.1016/j.neunet.2022.06.022. View

Minagi A, Hirano H, Takemoto K . Natural Images Allow Universal Adversarial Attacks on Medical Image Classification Using Deep Neural Networks with Transfer Learning. J Imaging. 2022; 8(2). PMC: 8875959. DOI: 10.3390/jimaging8020038. View

Apostolidis K, Papakostas G . Digital Watermarking as an Adversarial Attack on Medical Image Analysis with Deep Learning. J Imaging. 2022; 8(6). PMC: 9225333. DOI: 10.3390/jimaging8060155. View

Hirano H, Minagi A, Takemoto K . Universal adversarial attacks on deep neural networks for medical image classification. BMC Med Imaging. 2021; 21(1):9. PMC: 7792111. DOI: 10.1186/s12880-020-00530-y. View

Maliamanis T, Apostolidis K, Papakostas G . How Resilient Are Deep Learning Models in Medical Image Analysis? The Case of the Moment-Based Adversarial Attack (Mb-AdA). Biomedicines. 2022; 10(10). PMC: 9599099. DOI: 10.3390/biomedicines10102545. View

Feki I, Ammar S, Kessentini Y, Muhammad K . Federated learning for COVID-19 screening from Chest X-ray images. Appl Soft Comput. 2021; 106:107330. PMC: 7979273. DOI: 10.1016/j.asoc.2021.107330. View

Ziller A, Usynin D, Braren R, Makowski M, Rueckert D, Kaissis G . Medical imaging deep learning with differential privacy. Sci Rep. 2021; 11(1):13524. PMC: 8242021. DOI: 10.1038/s41598-021-93030-0. View

Xu M, Zhang T, Zhang D . MedRDF: A Robust and Retrain-Less Diagnostic Framework for Medical Pretrained Models Against Adversarial Attack. IEEE Trans Med Imaging. 2022; 41(8):2130-2143. DOI: 10.1109/TMI.2022.3156268. View

10.

Zhou Q, Zuley M, Guo Y, Yang L, Nair B, Vargo A . A machine and human reader study on AI diagnosis model safety under attacks of adversarial images. Nat Commun. 2021; 12(1):7281. PMC: 8671500. DOI: 10.1038/s41467-021-27577-x. View

11.

Finlayson S, Bowers J, Ito J, Zittrain J, Beam A, Kohane I . Adversarial attacks on medical machine learning. Science. 2019; 363(6433):1287-1289. PMC: 7657648. DOI: 10.1126/science.aaw4399. View

12.

Allyn J, Allou N, Vidal C, Renou A, Ferdynus C . Adversarial attack on deep learning-based dermatoscopic image recognition systems: Risk of misdiagnosis due to undetectable image perturbations. Medicine (Baltimore). 2020; 99(50):e23568. PMC: 7738012. DOI: 10.1097/MD.0000000000023568. View

13.

Rodriguez D, Nayak T, Chen Y, Krishnan R, Huang Y . On the role of deep learning model complexity in adversarial robustness for medical images. BMC Med Inform Decis Mak. 2022; 22(Suppl 2):160. PMC: 9208111. DOI: 10.1186/s12911-022-01891-w. View

14.

Liu S, Setio A, Ghesu F, Gibson E, Grbic S, Georgescu B . No Surprises: Training Robust Lung Nodule Detection for Low-Dose CT Scans by Augmenting With Adversarial Attacks. IEEE Trans Med Imaging. 2020; 40(1):335-345. DOI: 10.1109/TMI.2020.3026261. View

15.

Aiello M, Cavaliere C, DAlbore A, Salvatore M . The Challenges of Diagnostic Imaging in the Era of Big Data. J Clin Med. 2019; 8(3). PMC: 6463157. DOI: 10.3390/jcm8030316. View

16.

Thambawita V, Isaksen J, Hicks S, Ghouse J, Ahlberg G, Linneberg A . DeepFake electrocardiograms using generative adversarial networks are the beginning of the end for privacy issues in medicine. Sci Rep. 2021; 11(1):21896. PMC: 8578227. DOI: 10.1038/s41598-021-01295-2. View