Artificial intelligence has made great progress in medical data analysis, but the lack of robustness and trustworthiness has kept these methods from being widely deployed. As it is not possible to train networks that are accurate in all situations, models must recognize situations where they cannot operate confidently. Bayesian deep learning methods sample the model parameter space to estimate uncertainty, but these parameters are often subject to the same vulnerabilities, which can be exploited by adversarial attacks. We propose a novel ensemble approach based on feature decorrelation and Fourier partitioning for teaching networks diverse complementary features, reducing the chance of perturbation-based fooling. We test our approach on electrocardiogram classification, demonstrating superior accuracy confidence measurement on a variety of adversarial attacks. For example, our ensemble trained with both decorrelation and Fourier partitioning scored a 50.18% inference accuracy and 48.01% uncertainty accuracy (area under the curve) on $\epsilon = 50$ projected gradient descent attacks, while a conventionally trained ensemble scored 21.1% and 30.31% on these metrics respectively. Our approach does not require expensive optimization with adversarial samples and can be scaled to large problems. These methods can easily be applied to other tasks for more robust and trustworthy models.