Disruptive technologies like Machine Learning (ML), cloud computing and big-data analytics will soon be largely adopted in healthcare, enabling personalized treatments, robotized surgeries and automatically generated diagnoses. Moreover, big data analytics and artificial intelligence could drive the discovery of new treatments.
The threat of cyber-attacks on healthcare applications has grown more and more serious over the last years. Malware, hijacking, social engineering, denial of service attacks, device tampering and physical theft have been listed as the most serious threats to medical systems and applications. In the last two years, more than 100 million records were breached from healthcare databases and more than 70000 machines were infected by the WannaCry ransomware, including not only PCs but also more specialist equipment such as MRI scanners and blood-storage refrigerators. Moreover, ML-based healthcare applications are susceptible to specialized cyber-attacks, called adversarial attacks, which are difficult to detect; the privacy of patients could be put at risk by data analytics on health records and also on genomic data.
This project, hereafter PRISMA (PRIvacy-preserving, Security, and MAchine-learning techniques for healthcare applications), focuses on reducing cyber risks in healthcare by protecting healthcare applications from cyber-attacks and by preserving the privacy of patients' medical data. PRISMA foresees the collaboration of researchers in computer science and medicine (members of the Stitch research center) with the goal of producing solutions that can be effectively applied in the healthcare sector. Specifically, PRISMA's objectives are:
- To develop a tool for the detection of adversarial attacks against ML-based healthcare applications
- To develop new techniques to preserve the privacy of medical data when it is processed by data analytics applications and by ML-based applications.
- To develop advanced techniques to respond to cyber-attacks against healthcare applications.
The PRISMA contribution is intended to enhance the safety and privacy of patients and to propose innovative solutions that will enable the healthcare industry to produce more secure and dependable ML-based healthcare applications.
Although the problems of adversarial attacks, privacy-preserving big data analytics, and autonomic protection have been addressed in the literature, no studies focus on healthcare applications, and the proposed solutions are still in their infancy. PRISMA will enhance the state of the art as follows.
Detection of adversarial attacks. Several works in recent years have shown that ML models are prone to adversarial attacks [1,2]. In [1], the authors demonstrate that it is possible to control a remotely hosted Deep Neural Network without knowledge of the model (black-box attack). In [4], the effectiveness of adversarial attacks against a variety of machine learning algorithms is proven in fields like image recognition, but none of them target medical applications. With today's state of the art, detecting adversarial attacks is a challenge, as surveyed by Carlini et al. [5], who conclude that adversarial examples are significantly harder to detect than previously believed.
PRISMA will improve the state of the art in two directions: studying how adversarial attacks can be realized against healthcare applications (such as robotized surgeries and genomic analysis for personalized treatments), and developing methods to detect such attacks. To detect them, PRISMA will apply a mix of statistical techniques and unsupervised learning techniques.
Privacy-preserving analytics. Privacy-preserving analytics is a challenge in many domains and in particular in healthcare. Differential privacy [9] is an approach to extracting statistical information from large databases without compromising the privacy of the individual records. Although differential privacy is a consolidated research field, its application to big data [10] and medical data [11] is still challenging because of dynamic data, scalability issues, the characteristics of the data and the purpose of the analysis. PRISMA will enhance the state of the art by proposing and implementing innovative mechanisms for privacy-preserving analytics of healthcare Big Data.
Autonomic response. While research in autonomic computing [6] is mature with respect to self-configuration and self-optimization, there are few works addressing self-protection [7,8]. The work most relevant to PRISMA [8] proposes a model-based approach using Markov Decision Processes, which has limitations in terms of building the system model, scalability, and learning new attacks and response actions. PRISMA's innovation will consist in using deep learning approaches both for the detection and for the generation of attacks. PRISMA will propose innovative model-free approaches to predict the action to be taken when an attack or an anomalous behavior is detected. We foresee proposing solutions based on Generative Adversarial Networks and Distributed Neural Networks supported by ML algorithms that heuristically determine the optimal response action and learn new response actions on the basis of the knowledge developed.
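As an added illustration of the differential-privacy mechanism cited above (example code written for this page, not part of PRISMA or of [9]), the following Python applies the Laplace mechanism to a counting query over a constructed set of synthetic patient records and tracks the cumulative epsilon spent across repeated queries; the records, the budget class and the epsilon values are assumptions of the example.

```python
import math
import random

# Constructed synthetic patient records (not real data), standing in for the
# healthcare database that an analytics application queries.
RECORDS = [
    {"patient_id": 1, "age": 67, "diagnosis": "diabetes"},
    {"patient_id": 2, "age": 54, "diagnosis": "hypertension"},
    {"patient_id": 3, "age": 71, "diagnosis": "diabetes"},
    {"patient_id": 4, "age": 38, "diagnosis": "asthma"},
    {"patient_id": 5, "age": 82, "diagnosis": "diabetes"},
]


def laplace_noise(rng, scale):
    """One Laplace(0, scale) sample, by inverse CDF of a uniform draw."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


class PrivacyBudget:
    """Cumulative epsilon under sequential composition: repeated queries on
    the same records add up, so an analyst cannot average the noise away."""

    def __init__(self, epsilon_total):
        self.epsilon_total = epsilon_total
        self.spent = 0.0

    def spend(self, epsilon):
        if self.spent + epsilon > self.epsilon_total + 1e-12:
            raise RuntimeError("privacy budget exhausted")
        self.spent += epsilon


def exact_count(records, predicate):
    return sum(1 for r in records if predicate(r))


def dp_count(records, predicate, epsilon, budget, rng):
    """Epsilon-DP counting query via the Laplace mechanism [9].
    A count has global sensitivity 1 (one patient added or removed changes it
    by at most 1), so Laplace(1/epsilon) noise hides any single record."""
    budget.spend(epsilon)  # refuse before any result leaves the database
    noisy = exact_count(records, predicate) + laplace_noise(rng, 1.0 / epsilon)
    return max(0.0, noisy)  # clamping is post-processing, so the guarantee holds
```

With a total budget of 1.0, two queries at epsilon 0.5 succeed and a third is refused; smaller epsilon means larger noise (scale 1/epsilon) and stronger protection of each patient.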
[1] Papernot, N., et al. 2016. The limitations of deep learning in adversarial settings. In 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 372-387.
[2] Papernot, N., et al. 2017. Practical black-box attacks against machine learning. In Proc. of the 2017 ACM Asia Conference on Computer and Communications Security, pp. 506-519. ACM.
[4] Grosse, K., et al. 2016. Adversarial perturbations against deep neural networks for malware classification.
[5] Carlini, N., et al. 2017. Adversarial examples are not easily detected: Bypassing ten detection methods. In Proc. of the 10th ACM Workshop on Artificial Intelligence and Security, pp. 3-14. ACM.
[6] Kephart, J. O., et al. 2003. The vision of autonomic computing. IEEE Computer, 36(1):41-50.
[7] Ossenbühl, S., et al. 2015. Towards Automated Incident Handling: How to Select an Appropriate Response against a Network-Based Attack? In 9th Int. Conference on IT Security Incident Management & IT Forensics.
[8] Iannucci, S., et al. 2018. Model-Based Response Planning Strategies for Autonomic Intrusion Protection. ACM Trans. Auton. Adapt. Syst. 13, 1.
[9] Dwork, C. 2006. Differential privacy. In Proceedings of the 33rd International Conference on Automata, Languages and Programming. Springer-Verlag, Berlin, Heidelberg.
[10] Vatsalan, D., et al. 2017. Privacy-Preserving Record Linkage for Big Data: Current Approaches and Research Challenges. In Handbook of Big Data Technologies. Springer, Cham.
[11] Niculaescu, O.-G., et al. 2017. Differentially-Private Big Data Analytics for High-Speed Research Network Traffic Measurement. In Proc. of the 7th ACM Conference on Data and Application Security and Privacy.