MedAttacker: Exploring Black-Box Adversarial Attacks on Risk Prediction Models in Healthcare

Muchao Ye, Junyu Luo, Guanjie Zheng, Cao Xiao, Houping Xiao, Ting Wang, Fenglong Ma

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Researchers have conduct adversarial attacks against deep neural networks (DNNs) for health risk prediction in the white/gray-box setting to evaluate their robustness. However, since most real-world solutions are trained by private data and released as black-box services on the cloud, we should investigate their robustness in the black-box setting. Unfortunately, existing work ignores to consider the uniqueness of electronic health records (EHRs). To fill this gap, we propose the first black-box adversarial attack method against health risk prediction models named MedAttacker to investigate their vulnerability. It addresses the challenges brought by EHRs via two steps: hierarchical position selection which selects the attacked positions in a reinforcement learning (RL) framework and substitute selection which identifies substitutes with a score-based principle. Particularly, by considering the temporal context inside EHRs, MedAttacker initializes its RL position selection policy by using the contribution score of each visit and the saliency score of each code, which can be well integrated with the deterministic substitute selection process decided by the score changes. We evaluate MedAttacker by attacking three advanced risk prediction models in the black-box setting across multiple real-world datasets, and MedAttacker consistently achieves the highest average success rate and even outperforms a recent white-box EHR adversarial attack technique in certain cases.

Original languageEnglish (US)
Title of host publicationProceedings - 2022 IEEE International Conference on Bioinformatics and Biomedicine, BIBM 2022
EditorsDonald Adjeroh, Qi Long, Xinghua Shi, Fei Guo, Xiaohua Hu, Srinivas Aluru, Giri Narasimhan, Jianxin Wang, Mingon Kang, Ananda M. Mondal, Jin Liu
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1777-1780
Number of pages4
ISBN (Electronic)9781665468190
DOIs
StatePublished - 2022
Event2022 IEEE International Conference on Bioinformatics and Biomedicine, BIBM 2022 - Las Vegas, United States
Duration: Dec 6 2022Dec 8 2022

Publication series

NameProceedings - 2022 IEEE International Conference on Bioinformatics and Biomedicine, BIBM 2022

Conference

Conference2022 IEEE International Conference on Bioinformatics and Biomedicine, BIBM 2022
Country/TerritoryUnited States
CityLas Vegas
Period12/6/2212/8/22

All Science Journal Classification (ASJC) codes

  • Psychiatry and Mental health
  • Information Systems and Management
  • Biomedical Engineering
  • Medicine (miscellaneous)
  • Cardiology and Cardiovascular Medicine
  • Health Informatics

Fingerprint

Dive into the research topics of 'MedAttacker: Exploring Black-Box Adversarial Attacks on Risk Prediction Models in Healthcare'. Together they form a unique fingerprint.

Cite this