-
Class-Incremental Continual Learning for General Purpose Healthcare Models
Authors:
Amritpal Singh,
Mustafa Burak Gurbuz,
Shiva Souhith Gantha,
Prahlad Jasti
Abstract:
Healthcare clinics regularly encounter dynamic data that changes due to variations in patient populations, treatment policies, medical devices, and emerging disease patterns. Deep learning models can suffer from catastrophic forgetting when fine-tuned in such scenarios, causing poor performance on previously learned tasks. Continual learning allows learning on new tasks without performance drop on previous tasks. In this work, we investigate the performance of continual learning models on four different medical imaging scenarios involving ten classification datasets from diverse modalities, clinical specialties, and hospitals. We implement various continual learning approaches and evaluate their performance in these scenarios. Our results demonstrate that a single model can sequentially learn new tasks from different specialties and achieve comparable performance to naive methods. These findings indicate the feasibility of recycling or sharing models across the same or different medical specialties, offering another step towards the development of general-purpose medical imaging AI that can be shared across institutions.
Submitted 7 November, 2023;
originally announced November 2023.
-
Pareto-Secure Machine Learning (PSML): Fingerprinting and Securing Inference Serving Systems
Authors:
Debopam Sanyal,
Jui-Tse Hung,
Manav Agrawal,
Prahlad Jasti,
Shahab Nikkhoo,
Somesh Jha,
Tianhao Wang,
Sibin Mohan,
Alexey Tumanov
Abstract:
Model-serving systems have become increasingly popular, especially in real-time web applications. In such systems, users send queries to the server and specify the desired performance metrics (e.g., desired accuracy, latency). The server maintains a set of models (model zoo) in the back-end and serves the queries based on the specified metrics. This paper examines the security, specifically robustness against model extraction attacks, of such systems. Existing black-box attacks assume a single model can be repeatedly selected for serving inference requests. Modern inference serving systems break this assumption. Thus, they cannot be directly applied to extract a victim model, as models are hidden behind a layer of abstraction exposed by the serving system. An attacker can no longer identify which model she is interacting with. To this end, we first propose a query-efficient fingerprinting algorithm to enable the attacker to trigger any desired model consistently. We show that by using our fingerprinting algorithm, model extraction can have fidelity and accuracy scores within $1\%$ of the scores obtained when attacking a single, explicitly specified model, as well as up to $14.6\%$ gain in accuracy and up to $7.7\%$ gain in fidelity compared to the naive attack. Second, we counter the proposed attack with a noise-based defense mechanism that thwarts fingerprinting by adding noise to the specified performance metrics. The proposed defense strategy reduces the attack's accuracy and fidelity by up to $9.8\%$ and $4.8\%$, respectively (on medium-sized model extraction). Third, we show that the proposed defense induces a fundamental trade-off between the level of protection and system goodput, achieving configurable and significant victim model extraction protection while maintaining acceptable goodput ($>80\%$). We implement the proposed defense in a real system with plans to open source.
Submitted 6 August, 2023; v1 submitted 3 July, 2023;
originally announced July 2023.
-
Experimental Evidence for Defect Tolerance in Pb-Halide Perovskites
Authors:
Naga Prathibha Jasti,
Igal Levine,
Yishay Feldman,
Gary Hodes,
Sigalit Aharon,
David Cahen
Abstract:
The term defect tolerance (DT) is used often to rationalize the exceptional optoelectronic properties of Halide Perovskites (HaPs) and their devices. Even though DT lacked direct experimental evidence, it became a "fact" in the field. DT in semiconductors implies that structural defects do not translate to electrical and optical effects (e.g., due to charge trapping), associated with such defects. We present the first direct experimental evidence for DT in Pb-HaPs by comparing the structural quality of 2-dimensional (2D), 2D-3D, and 3D Pb-iodide HaP crystals with their optoelectronic characteristics using high-sensitivity methods. Importantly, we get information from the materials' bulk, because we sample at least a few hundred nanometers, up to several micrometers, from the sample's surface, which allows for assessing intrinsic bulk (and not only surface-) properties of HaPs. The results point to DT in 3D, 2D-3D, and 2D Pb-HaPs. Overall, our data provide an experimental basis to rationalize DT in Pb-HaPs. These experiments and findings can guide the search for, and design of other materials with DT.
Submitted 22 February, 2024; v1 submitted 25 May, 2023;
originally announced May 2023.