Missing pattern based backdoor attack on medical machine learning model의료 머신러닝 모델에 대한 미싱 패턴 기반의 백도어 공격
Backdoor attack was introduced that previously inserts a backdoor on a medical machine learning model and manipulates the result at the attacker’s will at test time. However, previous attacks must poison a large amount of a training dataset, and the attackers must investigate the characteristics of the data in advance. This paper performs a backdoor attack that only modifies the missing pattern of EHR. The missing pattern based backdoor attack enables to perform the attack with a smaller poisoning proportion of the training dataset and without any prior information of the data, which reduces the likelihood of detection. Experimental results on four ML models (LR, MP, LSTM, and GRU) that predict in-hospital mortality using the MIMIC-III dataset showed that the proposed technology achieves attack success rates of 97–99% with a poisoning proportion of less than 2%. Furthermore, the classification accuracy of clean EHR data was substantially comparable to the non-contaminated model, demonstrating the efficacy of the attack.
- Advisors
- 신인식researcher
- Description
- 한국과학기술원 :정보보호대학원,
- Publisher
- 한국과학기술원
- Issue Date
- 2022
- Identifier
- 325007
- Language
- eng
- Description
학위논문(석사) - 한국과학기술원 : 정보보호대학원, 2022.2,[iii, 22 p. :]
- Keywords
machine learning▼atrigger▼aEHR▼amask▼abackdoor attack; 머신러닝▼a트리거▼aEHR▼a마스크▼a백도어공격
- Appears in Collection
- IS-Theses_Master(석사논문)
- Files in This Item
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.