research-article

Longitudinal Adversarial Attack on Electronic Health Records Data

Authors:

Walter F. Stewart,

Jimeng SunAuthors Info & Claims

WWW '19: The World Wide Web Conference

Pages 2558 - 2564

https://doi.org/10.1145/3308558.3313528

Published: 13 May 2019 Publication History

Abstract

Although deep learning models trained on electronic health records (EHR) data have shown state-of-the-art performance in many predictive clinical tasks, the discovery of adversarial examples (i.e., input data that are engineered to cause misclassification) has exposed vulnerabilities with lab and imaging data. We specifically consider adversarial examples with longitudinal EHR data, an area that has not been previously examined because of the challenges with temporal high-dimensional and sparse features. We propose Longitudinal AdVersarial Attack (, a saliency score based adversarial example using a method that requires a minimal number of perturbations and that automatically minimizes the likelihood of detection. Features are selected and modified by jointly modeling a saliency map and attention mechanism. Experimental results with longitudinal EHR data show that an substantially reduce model performance for attention-based target models (from AUPR = 0.5 to AUPR = 0.08).

References

[1]

Dzmitry Bahdanau, Kyunghyun Cho, and Yoshua Bengio. 2014. Neural machine translation by jointly learning to align and translate. arXiv preprint arXiv:1409.0473(2014).

[2]

Edward Choi, Mohammad Taha Bahadori, Andy Schuetz, Walter F Stewart, and Jimeng Sun. 2016. Doctor ai: Predicting clinical events via recurrent neural networks. In Machine Learning for Healthcare Conference. 301-318.

[3]

Edward Choi, Mohammad Taha Bahadori, Le Song, Walter F Stewart, and Jimeng Sun. 2017. GRAM: Graph-based attention model for healthcare representation learning. In SIGKDD.

Digital Library

[4]

Edward Choi, Mohammad Taha Bahadori, Jimeng Sun, Joshua Kulas, Andy Schuetz, and Walter Stewart. 2016. RETAIN: An Interpretable Predictive Model for Healthcare using Reverse Time Attention Mechanism. In Advances in Neural Information Processing Systems 29, D. D. Lee, M. Sugiyama, U. V. Luxburg, I. Guyon, and R. Garnett (Eds.). Curran Associates, Inc., 3504-3512.

Digital Library

[5]

Edward Choi, Andy Schuetz, Walter F Stewart, and Jimeng Sun. 2016. Using recurrent neural network models for early detection of heart failure onset. Journal of the American Medical Informatics Association 24, 2(2016), 361-370.

[6]

Jan K Chorowski, Dzmitry Bahdanau, Dmitriy Serdyuk, Kyunghyun Cho, and Yoshua Bengio. 2015. Attention-based models for speech recognition. In Advances in neural information processing systems. 577-585.

Digital Library

[7]

Samuel G Finlayson, Isaac S Kohane, and Andrew L Beam. 2018. Adversarial Attacks Against Medical Deep Learning Systems. arXiv preprint arXiv:1804.05296(2018).

[8]

Ian Goodfellow, Yoshua Bengio, and Aaron Courville. 2016. Deep Learning. MIT Press. http://www.deeplearningbook.org.

Digital Library

[9]

Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572(2014).

[10]

Jerry H Gurwitz, David J Magid, David H Smith, Robert J Goldberg, David D McManus, Larry A Allen, Jane S Saczynski, Micah L Thorp, Grace Hsu, Sue Hee Sung, 2013. Contemporary prevalence and correlates of incident heart failure with preserved ejection fraction. The American journal of medicine 126, 5 (2013), 393-400.

[11]

Karl Moritz Hermann, Tomas Kocisky, Edward Grefenstette, Lasse Espeholt, Will Kay, Mustafa Suleyman, and Phil Blunsom. 2015. Teaching machines to read and comprehend. In Advances in Neural Information Processing Systems. 1693-1701.

Digital Library

[12]

Robin Jia and Percy Liang. 2017. Adversarial examples for evaluating reading comprehension systems. arXiv preprint arXiv:1707.07328(2017).

[13]

Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2016. Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533(2016).

[14]

Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2016. Adversarial machine learning at scale. arXiv preprint arXiv:1611.01236(2016).

[15]

Zachary C Lipton, David C Kale, Charles Elkan, and Randall Wetzell. 2016. Learning to diagnose with LSTM recurrent neural networks. In ICLR.

[16]

Tengfei Ma, Cao Xiao, and Fei Wang. 2018. Health-ATM: A Deep Architecture for Multifaceted Patient Health Record Representation and Risk Prediction. In Proceedings of the 2018 SIAM International Conference on Data Mining. SIAM, 261-269.

[17]

Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2017. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083(2017).

[18]

Volodymyr Mnih, Nicolas Heess, Alex Graves, 2014. Recurrent models of visual attention. In Advances in neural information processing systems. 2204-2212.

Digital Library

[19]

Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, Omar Fawzi, and Pascal Frossard. 2017. Universal adversarial perturbations. arXiv preprint (2017).

[20]

Seyed Mohsen Moosavi Dezfooli, Alhussein Fawzi, and Pascal Frossard. 2016. Deepfool: a simple and accurate method to fool deep neural networks. In Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[21]

Nicolas Papernot, Patrick McDaniel, Ian Goodfellow, Somesh Jha, Z Berkay Celik, and Ananthram Swami. 2017. Practical black-box attacks against machine learning. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. ACM, 506-519.

Digital Library

[22]

Nicolas Papernot, Patrick McDaniel, Somesh Jha, Matt Fredrikson, Z Berkay Celik, and Ananthram Swami. 2016. The limitations of deep learning in adversarial settings. In Security and Privacy (EuroS&P), 2016 IEEE European Symposium on. IEEE, 372-387.

[23]

Adam Paszke, Sam Gross, Soumith Chintala, Gregory Chanan, Edward Yang, Zachary DeVito, Zeming Lin, Alban Desmaison, Luca Antiga, and Adam Lerer. 2017. Automatic differentiation in PyTorch. In NIPS-W.

[24]

T. Pham, T. Tran, D. Phung, and S. Venkatesh. 2017. Predicting healthcare trajectories from medical records: A deep learning approach.J. Biomed. Inform. (2017).

[25]

Ning Qian. 1999. On the momentum term in gradient descent learning algorithms. Neural networks 12, 1 (1999), 145-151.

Digital Library

[26]

Mengying Sun, Fengyi Tang, Jinfeng Yi, Fei Wang, and Jiayu Zhou. 2018. Identify Susceptible Locations in Medical Records via Adversarial Attacks on Deep Predictive Models. arXiv preprint arXiv:1802.04822(2018).

[27]

Rajakrishnan Vijayakrishnan, Steven R Steinhubl, Kenney Ng, Jimeng Sun, Roy J Byrd, Zahra Daar, Brent A Williams, Shahram Ebadollahi, Walter F Stewart, 2014. Prevalence of heart failure signs and symptoms in a large primary care population identified through the use of text and data mining of the electronic health record. J. Card. Fail. 20, 7 (2014), 459-464.

[28]

Kelvin Xu, Jimmy Ba, Ryan Kiros, Kyunghyun Cho, Aaron Courville, Ruslan Salakhudinov, Rich Zemel, and Yoshua Bengio. 2015. Show, attend and tell: Neural image caption generation with visual attention. In International Conference on Machine Learning. 2048-2057.

Digital Library

[29]

Zhengli Zhao, Dheeru Dua, and Sameer Singh. 2017. Generating natural adversarial examples. arXiv preprint arXiv:1710.11342(2017).

Cited By

Li ZPiao SDong CChen W(2024)Robustness Analysis on Self-ensemble Models in Time Series ClassificationDatabases Theory and Applications10.1007/978-981-96-1242-0_1(3-16)Online publication date: 13-Dec-2024
https://doi.org/10.1007/978-981-96-1242-0_1
Wu XGao JBilal MDai FXu XQi LDou W(2023)Federated learning‐based private medical knowledge graph for epidemic surveillance in internet of thingsExpert Systems10.1111/exsy.13372Online publication date: 11-Jun-2023
https://doi.org/10.1111/exsy.13372
Khriji LBouaafia SMessaoud SAmmari AMachhout M(2023)Secure Convolutional Neural Network-Based Internet-of-Healthcare ApplicationsIEEE Access10.1109/ACCESS.2023.326658611(36787-36804)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3266586
Show More Cited By

Recommendations

Towards longitudinal analysis of a population's electronic health records using factor graphs
BDCAT '16: Proceedings of the 3rd IEEE/ACM International Conference on Big Data Computing, Applications and Technologies

In this feasibility study, we demonstrate the use of a factor-graph-based probabilistic graphical model approach to process longitudinal data derived from a population's electronic health records (EHR). Processing of EHR allows for fore-casting patient-...
Electronic health records: how can IS researchers contribute to transforming healthcare?

Electronic health records (EHR) facilitate integration of patient health history for planning safe and proper treatment. Combined with data analytics, aggregate-level EHR enable examination and development of effective medicines and therapies for ...
Electronic Health Records and Cyber Hygiene: A Qualitative Study of the Awareness, Knowledge, and Experience of Physicians in Kuwait
ABSTRACT
Threats against electronic medical and health records are on the rise. These threats include phishing attacks, malware and ransomware, encryption blind spots, cloud threats, and most important one is the internal threat caused by gaps in the ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

WWW '19: The World Wide Web Conference

May 2019

3620 pages

ISBN:9781450366748

DOI:10.1145/3308558

Editors:
Ling Liu
Georgia Tech, USA
,
Ryen White
Microsoft Research, USA

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

IW3C2: International World Wide Web Conference Committee

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 May 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

WWW '19

WWW '19: The Web Conference

May 13 - 17, 2019

CA, San Francisco, USA

Acceptance Rates

Overall Acceptance Rate 1,899 of 8,196 submissions, 23%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
753
Total Downloads

Downloads (Last 12 months)57
Downloads (Last 6 weeks)7

Reflects downloads up to 12 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Li ZPiao SDong CChen W(2024)Robustness Analysis on Self-ensemble Models in Time Series ClassificationDatabases Theory and Applications10.1007/978-981-96-1242-0_1(3-16)Online publication date: 13-Dec-2024
https://doi.org/10.1007/978-981-96-1242-0_1
Wu XGao JBilal MDai FXu XQi LDou W(2023)Federated learning‐based private medical knowledge graph for epidemic surveillance in internet of thingsExpert Systems10.1111/exsy.13372Online publication date: 11-Jun-2023
https://doi.org/10.1111/exsy.13372
Khriji LBouaafia SMessaoud SAmmari AMachhout M(2023)Secure Convolutional Neural Network-Based Internet-of-Healthcare ApplicationsIEEE Access10.1109/ACCESS.2023.326658611(36787-36804)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3266586
Razmi FLou JHong YXiong L(2023)Interpretation Attacks and Defenses on Predictive Models Using Electronic Health RecordsMachine Learning and Knowledge Discovery in Databases: Research Track10.1007/978-3-031-43418-1_27(446-461)Online publication date: 17-Sep-2023
https://doi.org/10.1007/978-3-031-43418-1_27
Rodriguez DNayak TChen YKrishnan RHuang Y(2022)On the role of deep learning model complexity in adversarial robustness for medical imagesBMC Medical Informatics and Decision Making10.1186/s12911-022-01891-w22:S2Online publication date: 20-Jun-2022
https://doi.org/10.1186/s12911-022-01891-w
Ye MLuo JZheng GXiao CXiao HWang TMa F(2022)MedAttacker: Exploring Black-Box Adversarial Attacks on Risk Prediction Models in Healthcare2022 IEEE International Conference on Bioinformatics and Biomedicine (BIBM)10.1109/BIBM55620.2022.9994898(1777-1780)Online publication date: 6-Dec-2022
https://doi.org/10.1109/BIBM55620.2022.9994898
Ayem GThandekkattu SVajjhala N(2022)Adopting a Blockchain-Based Algorithmic Model for Electronic Healthcare Records (EHR) in NigeriaNext Generation of Internet of Things10.1007/978-981-19-1412-6_14(167-175)Online publication date: 27-Sep-2022
https://doi.org/10.1007/978-981-19-1412-6_14
Jin DSergeeva EWeng WChauhan GSzolovits P(2022)Explainable deep learning in healthcare: A methodological survey from an attribution viewWIREs Mechanisms of Disease10.1002/wsbm.154814:3Online publication date: 17-Jan-2022
https://doi.org/10.1002/wsbm.1548
Watson MAl Moubayed N(2021)Attack-agnostic Adversarial Detection on Medical Data Using Explainable Machine Learning2020 25th International Conference on Pattern Recognition (ICPR)10.1109/ICPR48806.2021.9412560(8180-8187)Online publication date: 10-Jan-2021
https://doi.org/10.1109/ICPR48806.2021.9412560
Zhang RZhang WLiu NWang J(2021)Susceptible Temporal Patterns Discovery for Electronic Health Records via Adversarial AttackDatabase Systems for Advanced Applications10.1007/978-3-030-73200-4_29(429-444)Online publication date: 11-Apr-2021
https://dl.acm.org/doi/10.1007/978-3-030-73200-4_29
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents