Creating Adversarial Examples for Machine Learning Models in Healthcare

From REU@MU
Revision as of 19:13, 25 August 2020 by Snemoto (Talk | contribs)


Student Researcher: Shota Nemoto

Mentor: Dr. Debbie Perouli

Project Description

In the near future, the U.S. will experience a severe shortage of Registered Nurses. A proposed solution is the development of Robotic Caregivers (RCGs), both service and social robots, which will be able to provide care autonomously. Commercial service robots that are currently available, such as Temi and Loomo, provide APIs for developers to create applications for these RCGs. Many applications will feed sensor data into machine learning models, which may leave those applications vulnerable to an adversary attempting to retrieve a patient's personal data or to fool a model into mislabeling or misclassifying an input.

The objective of this project is to evaluate the performance of an adversarial attack on these robots. The attack being evaluated is an evasion attack called Hop Skip Jump attack. The model the attack is evaluated on is a neural network developed for detecting arrhythmia using an electrocardiogram.
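HopSkipJump is a decision-based attack: it sees only the model's hard label for each query, never scores or gradients, and its first step is a binary search along the segment between a clean input and any input of another class to land on the decision boundary. The example below, which is added here and is not the project's own code, uses that step as a robustness measurement: it reports the smallest L2 perturbation found along that segment and the number of label queries spent, the two quantities a defender would track when evaluating a model like the arrhythmia classifier. The two-feature linear "model", the sample points and the query budget are all constructed for illustration.

```python
import numpy as np

# Constructed toy black-box classifier: a linear decision rule on 2 features.
# A real target (e.g. an ECG arrhythmia network) would only expose predict().
W = np.array([1.0, -1.0])
B = 0.0


def predict(x):
    """Hard-label oracle: returns 0 or 1 only, no scores and no gradients."""
    return int(np.dot(W, x) + B > 0)


class QueryCounter:
    """Wraps an oracle so the evaluation can report how many labels it cost."""

    def __init__(self, oracle):
        self.oracle = oracle
        self.queries = 0

    def __call__(self, x):
        self.queries += 1
        return self.oracle(x)


def boundary_binary_search(oracle, x_clean, x_other, tol=1e-6, max_iter=100):
    """Binary search on the segment from x_clean to x_other (which must carry a
    different label) for the point closest to x_clean that still flips the label.
    This is the boundary-projection step that decision-based attacks such as
    HopSkipJump start from; it needs only hard labels."""
    y_clean = oracle(x_clean)
    if oracle(x_other) == y_clean:
        raise ValueError("x_other must be labelled differently from x_clean")
    lo, hi = 0.0, 1.0  # fraction of the way from x_clean toward x_other
    for _ in range(max_iter):
        mid = (lo + hi) / 2.0
        x_mid = (1.0 - mid) * x_clean + mid * x_other
        if oracle(x_mid) == y_clean:
            lo = mid  # still the clean label: move toward x_other
        else:
            hi = mid  # label already flipped: move back toward x_clean
        if hi - lo < tol:
            break
    x_adv = (1.0 - hi) * x_clean + hi * x_other
    return x_adv


def robustness_report(oracle, x_clean, x_other):
    """Measure the minimal perturbation found along one segment and its query cost."""
    counted = QueryCounter(oracle)
    x_adv = boundary_binary_search(counted, x_clean, x_other)
    return {
        "label_clean": oracle(x_clean),
        "label_adv": oracle(x_adv),
        "l2": float(np.linalg.norm(x_adv - x_clean)),
        "queries": counted.queries,
    }


def distance_to_hyperplane(x):
    """Ground truth for the toy model only: perpendicular distance to W.x + B = 0.
    A real model does not expose this; it is here so the measurement can be checked."""
    return float(abs(np.dot(W, x) + B) / np.linalg.norm(W))


if __name__ == "__main__":
    x_clean = np.array([2.0, 0.0])   # constructed: labelled 1
    x_other = np.array([0.0, 2.0])   # constructed: labelled 0
    print(robustness_report(predict, x_clean, x_other))
    print("analytic distance:", distance_to_hyperplane(x_clean))
```

The reported L2 value is an upper bound on the true distance to the boundary (the search is confined to one segment); on the constructed points it coincides with the analytic distance because the segment happens to run perpendicular to the boundary. The query count is the budget a rate limit on the inference API would have to stay under to make this step expensive.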

Milestones and Goals

Week: Description
1: Orientation
  • Meet other REU students and mentors
  • Learn basic data science concepts
2: Initial Reading
  • Investigate API for Temi and Loomo robots.
  • Learn about adversarial networks and potential attacks by looking at recent conferences, workshops, and journals published.
  • Find a specific adversarial attack to research
3: Form Research Hypothesis
  • Investigate deeper into selected adversarial attack
  • Form research hypothesis
4: Design Experiments and Methodology
  • Recreate L-BFGS-B method for finding adversarial examples
  • Learn about finding the Jacobian of a neural network
  • Find other potential optimization methods for finding adversarial examples
5: Begin Poster and Paper Creation
  • Present Current Progress
  • Recreate a Black-Box Adversarial Attack
6: Implement System
  • Recreate Hop Skip Jump Attack on a simple MNIST model
  • Find a healthcare model to attack
7: Run Experiments
  • Train model for arrhythmia detection on electrocardiograms (ECGs)
  • Adapt Hop Skip Jump Attack to apply to arrhythmia model
  • Generate some adversarial electrocardiograms
8: Evaluation
  • Automate creation of adversarial examples on ECG dataset
  • Gather statistics and evaluate success of algorithm
9: Finalize Poster and Paper
  • Create graphics for poster and paper
  • Write descriptions of experiments and methods
  • Adjust parameters for Hop Skip Jump Attack and create more adversarial ECGs as needed
10: Present Research
  • Finish / Polish final poster and paper
  • Present Poster