pith. sign in

arxiv: 2011.00177 · v1 · pith:IAYG4USAnew · submitted 2020-10-31 · 💻 cs.LG · cs.CR· cs.CV

Evaluation of Inference Attack Models for Deep Learning on Medical Data

classification 💻 cs.LG cs.CRcs.CV
keywords medicaldeepattackinferencelearningimagesmodelsprivacy
0
0 comments X
read the original abstract

Deep learning has attracted broad interest in healthcare and medical communities. However, there has been little research into the privacy issues created by deep networks trained for medical applications. Recently developed inference attack algorithms indicate that images and text records can be reconstructed by malicious parties that have the ability to query deep networks. This gives rise to the concern that medical images and electronic health records containing sensitive patient information are vulnerable to these attacks. This paper aims to attract interest from researchers in the medical deep learning community to this important problem. We evaluate two prominent inference attack models, namely, attribute inference attack and model inversion attack. We show that they can reconstruct real-world medical images and clinical reports with high fidelity. We then investigate how to protect patients' privacy using defense mechanisms, such as label perturbation and model perturbation. We provide a comparison of attack results between the original and the medical deep learning models with defenses. The experimental evaluations show that our proposed defense approaches can effectively reduce the potential privacy leakage of medical deep learning from the inference attacks.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Why Trust Your Agent? Empirical Security Gains from TRiSM-Guided Agentic Workflows in Healthcare

    cs.CR 2026-06 unverdicted novelty 4.0

    TRiSM-guided agentic workflows reduced RAG poisoning attack success from 31% to 10%, data-field injection from 42% to 25%, eliminated network injection, and raised report accuracy from 72.5% to 86.5% across five LLMs ...