ABSTRACT
Rapidly increasing adoption of electronic health record (EHR) systems has caused automated medical specialty classification to become an important research field. Medical specialty classification not only improves EHR system retrieval efficiency and helps general practitioners identify urgent patient issues but also is useful in studying the practice and validity of clinical referral patterns. However, currently available medical note data are imbalanced and insufficient. In addition, medical specialty classification is a multicategory problem, and it is not easy to remove sensitive information from numerous medical notes and tag them. To solve those problems, we propose a data augmentation method based on adversarial attacks. The semiadversarial examples generated during the dynamic process of adversarial attacking are added to the training set as augmented examples, which can effectively expand the coverage of the training data on the decision space. Besides, as nouns in medical notes are critical information, we design a classification framework incorporating probabilistic information of nouns, with confidence recalculation after the softmax layer. We validate our proposed method on an 18-class dataset with extremely unbalanced data, and comparison experiments with four benchmarks show that our method improves accuracy and F1 score to the optimal level, by an average of 14.9%.
Subject(s)
Electronic Health Records , Medicine , Humans , SoftwareABSTRACT
Recent studies have found that medical images are vulnerable to adversarial attacks. However, it is difficult to protect medical imaging systems from adversarial examples in that the lesion features of medical images are more complex with high resolution. Therefore, a simple and effective method is needed to address these issues to improve medical imaging systems' robustness. We find that the attackers generate adversarial perturbations corresponding to the lesion characteristics of different medical image datasets, which can shift the model's attention to other places. In this paper, we propose global attention noise (GATN) injection, including global noise in the example layer and attention noise in the feature layers. Global noise enhances the lesion features of the medical images, thus keeping the examples away from the sharp areas where the model is vulnerable. The attention noise further locally smooths the model from small perturbations. According to the characteristic of medical image datasets, we introduce Global attention lesion-unrelated noise (GATN-UR) for datasets with unclear lesion boundaries and Global attention lesion-related noise (GATN-R) for datasets with clear lesion boundaries. Extensive experiments on ChestX-ray, Dermatology, and Fundoscopy datasets show that GATN improves the robustness of medical diagnosis models against a variety of powerful attacks and significantly outperforms the existing adversarial defense methods. To be specific, the robust accuracy is 86.66% on ChestX-ray, 72.49% on Dermatology, and 90.17% on Fundoscopy under PGD attack. Under the AA attack, it achieves robust accuracy of 87.70% on ChestX-ray, 66.85% on Dermatology, and 87.83% on Fundoscopy.
Subject(s)
Computer Security , Diagnostic ImagingABSTRACT
Convolutional neural networks (CNNs) have been successfully applied to various fields. However, CNNs' overparameterization requires more memory and training time, making it unsuitable for some resource-constrained devices. To address this issue, filter pruning as one of the most efficient ways was proposed. In this article, we propose a feature-discrimination-based filter importance criterion, uniform response criterion (URC), as a key component of filter pruning. It converts the maximum activation responses into probabilities and then measures the importance of the filter through the distribution of these probabilities over classes. However, applying URC directly to global threshold pruning may cause some problems. The first problem is that some layers will be completely pruned under global pruning settings. The second problem is that global threshold pruning neglects that filters in different layers have different importance. To address these issues, we propose hierarchical threshold pruning (HTP) with URC. It performs a pruning step limited in a relatively redundant layer rather than comparing the filters' importance across all layers, which can avoid some important filters being pruned. The effectiveness of our method benefits from three techniques: 1) measuring filter importance by URC; 2) normalizing filter scores; and 3) conducting prune in relatively redundant layers. Extensive experiments on CIFAR-10/100 and ImageNet show that our method achieves the state-of-the-art performance on multiple benchmarks.
ABSTRACT
Deep neural networks (DNNs) have been widely adopted in many fields, and they greatly promote the Internet of Health Things (IoHT) systems by mining health-related information. However, recent studies have shown the serious threat to DNN-based systems posed by adversarial attacks, which has raised widespread concerns. Attackers maliciously craft adversarial examples (AEs) and blend them into the normal examples (NEs) to fool the DNN models, which seriously affects the analysis results of the IoHT systems. Text data is a common form in such systems, such as the patients' medical records and prescriptions, and we study the security concerns of the DNNs for textural analysis. As identifying and correcting AEs in discrete textual representations is extremely challenging, the available detection techniques are still limited in performance and generalizability, especially in IoHT systems. In this paper, we propose an efficient and structure-free adversarial detection method, which detects AEs even in attack-unknown and model-agnostic circumstances. We reveal that sensitivity inconsistency prevails between AEs and NEs, leading them to react differently when important words in the text are perturbed. This discovery motivates us to design an adversarial detector based on adversarial features, which are extracted based on sensitivity inconsistency. Since the proposed detector is structure-free, it can be directly deployed in off-the-shelf applications without modifying the target models. Compared to the state-of-the-art detection methods, our proposed method improves adversarial detection performance, with an adversarial recall of up to 99.7% and an F1-score of up to 97.8%. In addition, extensive experiments have shown that our method achieves superior generalizability as it can be generalized across different attackers, models, and tasks.
Subject(s)
Internet of Things , Learning , Humans , Internet , Medical Records , Neural Networks, ComputerABSTRACT
A plethora of healthcare data is produced every day due to the proliferation of prominent technologies such as Internet of Medical Things (IoMT). Digital-driven smart devices like wearable watches, wristbands and bracelets are utilized extensively in modern healthcare applications. Mining valuable information from the data distributed at the owners' level is useful, but it is challenging to preserve data privacy. Federated learning (FL) has swiftly surged in popularity due to its efficacy in dealing privacy vulnerabilities. Recent studies have demonstrated that Gradient Inversion Attack (GIA) can reconstruct the input data by leaked gradients, previous work demonstrated the achievement of GIA in very limited scenarios, such as the label repetition rate of the target sample being low and batch sizes being smaller than 48. In this paper, a novel method of End-to-End Gradient Inversion (E2EGI) is proposed. Compared to the state-of-the-art method, E2EGI's Minimum Loss Combinatorial Optimization (MLCO) has the ability to realize reconstructed samples with higher similarity, and the Distributed Gradient Inversion algorithm can implement GIA with batch sizes of 8 to 256 on deep network models (such as ResNet-50) and ImageNet datasets. A new Label Reconstruction algorithm is developed that relies only on the gradient information of the target model, which can achieve a label reconstruction accuracy of 81% in one batch sample with a label repetition rate of 96%, a 27% improvement over the state-of-the-art method. This proposed work can underpin data security assessments for healthcare federated learning.
Subject(s)
Algorithms , Internet of Things , Humans , Privacy , WakefulnessABSTRACT
Convolutional neural networks, in which each layer receives features from the previous layer(s) and then aggregates/abstracts higher level features from them, are widely adopted for image classification. To avoid information loss during feature aggregation/abstraction and fully utilize lower layer features, we propose a novel decision fusion module (DFM) for making an intermediate decision based on the features in the current layer and then fuse its results with the original features before passing them to the next layers. This decision is devised to determine an auxiliary category corresponding to the category at a higher hierarchical level, which can, thus, serve as category-coherent guidance for later layers. Therefore, by stacking a collection of DFMs into a classification network, the generated decision fusion network is explicitly formulated to progressively aggregate/abstract more discriminative features guided by these decisions and then refine the decisions based on the newly generated features in a layer-by-layer manner. Comprehensive results on four benchmarks validate that the proposed DFM can bring significant improvements for various common classification networks at a minimal additional computational cost and are superior to the state-of-the-art decision fusion-based methods. In addition, we demonstrate the generalization ability of the DFM to object detection and semantic segmentation.
ABSTRACT
The COVID-19 pandemic has caused serious consequences in the last few months and trying to control it has been the most important objective. With effective prevention and control methods, the epidemic has been gradually under control in some countries and it is essential to ensure safe work resumption in the future. Although some approaches are proposed to measure people's healthy conditions, such as filling health information forms or evaluating people's travel records, they cannot provide a fine-grained assessment of the epidemic risk. In this paper, we propose a novel epidemic risk assessment method based on the granular data collected by the communication stations. We first compute the epidemic risk of these stations in different intervals by combining the number of infected persons and the way they pass through the station. Then, we calculate the personnel risk in different intervals according to the station trajectory of the queried person. This method could assess people's epidemic risk accurately and efficiently. We also conduct extensive simulations and the results verify the effectiveness of the proposed method.
ABSTRACT
Wireless sensor networks have been widely adopted, and neighbor discovery is an essential step to construct the networks. Most existing studies on neighbor discovery are designed on the assumption that either all nodes are fully connected or only two nodes compose the network. However, networks are partially connected in reality: some nodes are within radio range of each other, while others are not. Low latency and energy efficiency are two common goals, which become even more challenging to achieve at the same time in partially connected networks. We find that the collision caused by simultaneous transmissions is the main obstruction of achieving the two goals. In this paper, we present an efficient algorithm called Panacea to address these challenges by alleviating collisions. To begin with, we design Panacea-NCD (Panacea no collision detection) for nodes that do not have a collision detection mechanism.
ABSTRACT
With the advancement of cloud computing and fog computing, more and more services and data are being moved from local servers to the fog and cloud for processing and storage. Videos are an important part of this movement. However, security issues involved in video moving have drawn wide attention. Although many video-encryption algorithms have been developed to protect local videos, these algorithms fail to solve the new problems faced on the media cloud, such as how to provide a video encryption service to devices with low computing power, how to meet the different encryption requirements for different type of videos, and how to ensure massive video encryption efficiency. To solve these three problems, we propose a cloud-fog-local video encryption framework which consists of a three-layer service model and corresponding key management strategies, a fine-grain video encryption algorithm based on the network abstract layer unit (NALU), and a massive video encryption framework based on Spark. The experiment proves that our proposed solution can meet the different encryption requirements for public videos and private videos. Moreover, in the experiment environment, our encryption algorithm for public videos reaches a speed of 1708 Mbps, and can provide a real-time encryption service for at least 42 channels of 4K-resolution videos.
ABSTRACT
Neighbor discovery is a crucial operation frequently executed throughout the life cycle of a Wireless Sensor Network (WSN). Various protocols have been proposed to minimize the discovery latency or to prolong the lifetime of sensors. However, none of them have addressed that all the critical concerns stemming from real WSNs, including communication collisions, latency constraints and energy consumption limitations. In this paper, we propose Spear, the first practical neighbor discovery framework to meet all these requirements. Spear offers two new methods to reduce communication collisions, thus boosting the discovery rate of existing neighbor discovery protocols. Spear also takes into consideration latency constraints and facilitates timely adjustments in order to reduce the discovery latency. Spear offers two practical energy management methods that evidently prolong the lifetime of sensor nodes. Most importantly, Spear automatically improves the discovery results of existing discovery protocols, on which no modification is required. Beyond reporting details of different Spear modules, we also present experiment evaluations on several notable neighbor discovery protocols. Results show that Spear greatly improves the discovery rate from 33.0% to 99.2%, and prolongs the sensor nodes lifetime up to 6.47 times.
