-
Label Propagation Techniques for Artifact Detection in Imbalanced Classes using Photoplethysmogram Signals
Authors:
Clara Macabiau,
Thanh-Dung Le,
Kevin Albert,
Mana Shahriari,
Philippe Jouvet,
Rita Noumeir
Abstract:
This study aimed to investigate the application of label propagation techniques to propagate labels among photoplethysmogram (PPG) signals, particularly in imbalanced class scenarios and limited data availability scenarios, where clean PPG samples are significantly outnumbered by artifact-contaminated samples. We investigated a dataset comprising PPG recordings from 1571 patients, wherein approxim…
▽ More
This study aimed to investigate the application of label propagation techniques to propagate labels among photoplethysmogram (PPG) signals, particularly in imbalanced class scenarios and limited data availability scenarios, where clean PPG samples are significantly outnumbered by artifact-contaminated samples. We investigated a dataset comprising PPG recordings from 1571 patients, wherein approximately 82% of the samples were identified as clean, while the remaining 18% were contaminated by artifacts. Our research compares the performance of supervised classifiers, such as conventional classifiers and neural networks (Multi-Layer Perceptron (MLP), Transformers, Fully Convolutional Network (FCN)), with the semi-supervised Label Propagation (LP) algorithm for artifact classification in PPG signals. The results indicate that the LP algorithm achieves a precision of 91%, a recall of 90%, and an F1 score of 90% for the "artifacts" class, showcasing its effectiveness in annotating a medical dataset, even in cases where clean samples are rare. Although the K-Nearest Neighbors (KNN) supervised model demonstrated good results with a precision of 89%, a recall of 95%, and an F1 score of 92%, the semi-supervised algorithm excels in artifact detection. In the case of imbalanced and limited pediatric intensive care environment data, the semi-supervised LP algorithm is promising for artifact detection in PPG signals. The results of this study are important for improving the accuracy of PPG-based health monitoring, particularly in situations in which motion artifacts pose challenges to data interpretation
△ Less
Submitted 23 May, 2024; v1 submitted 16 August, 2023;
originally announced August 2023.
-
Sex Trouble: Common pitfalls in incorporating sex/gender in medical machine learning and how to avoid them
Authors:
Kendra Albert,
Maggie Delano
Abstract:
False assumptions about sex and gender are deeply embedded in the medical system, including that they are binary, static, and concordant. Machine learning researchers must understand the nature of these assumptions in order to avoid perpetuating them. In this perspectives piece, we identify three common mistakes that researchers make when dealing with sex/gender data: "sex confusion", the failure…
▽ More
False assumptions about sex and gender are deeply embedded in the medical system, including that they are binary, static, and concordant. Machine learning researchers must understand the nature of these assumptions in order to avoid perpetuating them. In this perspectives piece, we identify three common mistakes that researchers make when dealing with sex/gender data: "sex confusion", the failure to identity what sex in a dataset does or doesn't mean; "sex obsession", the belief that sex, specifically sex assigned at birth, is the relevant variable for most applications; and "sex/gender slippage", the conflation of sex and gender even in contexts where only one or the other is known. We then discuss how these pitfalls show up in machine learning studies based on electronic health record data, which is commonly used for everything from retrospective analysis of patient outcomes to the development of algorithms to predict risk and administer care. Finally, we offer a series of recommendations about how machine learning researchers can produce both research and algorithms that more carefully engage with questions of sex/gender, better serving all patients, including transgender people.
△ Less
Submitted 15 March, 2022;
originally announced March 2022.
-
Adversarial for Good? How the Adversarial ML Community's Values Impede Socially Beneficial Uses of Attacks
Authors:
Kendra Albert,
Maggie Delano,
Bogdan Kulynych,
Ram Shankar Siva Kumar
Abstract:
Attacks from adversarial machine learning (ML) have the potential to be used "for good": they can be used to run counter to the existing power structures within ML, creating breathing space for those who would otherwise be the targets of surveillance and control. But most research on adversarial ML has not engaged in develo** tools for resistance against ML systems. Why? In this paper, we review…
▽ More
Attacks from adversarial machine learning (ML) have the potential to be used "for good": they can be used to run counter to the existing power structures within ML, creating breathing space for those who would otherwise be the targets of surveillance and control. But most research on adversarial ML has not engaged in develo** tools for resistance against ML systems. Why? In this paper, we review the broader impact statements that adversarial ML researchers wrote as part of their NeurIPS 2020 papers and assess the assumptions that authors have about the goals of their work. We also collect information about how authors view their work's impact more generally. We find that most adversarial ML researchers at NeurIPS hold two fundamental assumptions that will make it difficult for them to consider socially beneficial uses of attacks: (1) it is desirable to make systems robust, independent of context, and (2) attackers of systems are normatively bad and defenders of systems are normatively good. That is, despite their expressed and supposed neutrality, most adversarial ML researchers believe that the goal of their work is to secure systems, making it difficult to conceptualize and build tools for disrupting the status quo.
△ Less
Submitted 15 September, 2021; v1 submitted 11 July, 2021;
originally announced July 2021.
-
"This Whole Thing Smacks of Gender": Algorithmic Exclusion in Bioimpedance-based Body Composition Analysis
Authors:
Kendra Albert,
Maggie Delano
Abstract:
Smart weight scales offer bioimpedance-based body composition analysis as a supplement to pure body weight measurement. Companies such as Withings and Fitbit tout composition analysis as providing self-knowledge and the ability to make more informed decisions. However, these aspirational statements elide the reality that these numbers are a product of proprietary regression equations that require…
▽ More
Smart weight scales offer bioimpedance-based body composition analysis as a supplement to pure body weight measurement. Companies such as Withings and Fitbit tout composition analysis as providing self-knowledge and the ability to make more informed decisions. However, these aspirational statements elide the reality that these numbers are a product of proprietary regression equations that require a binary sex/gender as their input. Our paper combines transgender studies-influenced personal narrative with an analysis of the scientific basis of bioimpedance technology used as part of the Withings smart scale. Attempting to include nonbinary people reveals that bioelectrical impedance analysis has always rested on physiologically shaky ground. White nonbinary people are merely the tip of the iceberg of those who may find that their smart scale is not so intelligent when it comes to their bodies. Using body composition analysis as an example, we explore how the problem of trans and nonbinary inclusion in personal health tech goes beyond the issues of adding a third "gender" box or slap** a rainbow flag on the packaging. We also provide recommendations as to how to approach creating more inclusive technologies even while still relying on exclusionary data.
△ Less
Submitted 25 January, 2021; v1 submitted 20 January, 2021;
originally announced January 2021.
-
Ethical Testing in the Real World: Evaluating Physical Testing of Adversarial Machine Learning
Authors:
Kendra Albert,
Maggie Delano,
Jonathon Penney,
Afsaneh Rigot,
Ram Shankar Siva Kumar
Abstract:
This paper critically assesses the adequacy and representativeness of physical domain testing for various adversarial machine learning (ML) attacks against computer vision systems involving human subjects. Many papers that deploy such attacks characterize themselves as "real world." Despite this framing, however, we found the physical or real-world testing conducted was minimal, provided few detai…
▽ More
This paper critically assesses the adequacy and representativeness of physical domain testing for various adversarial machine learning (ML) attacks against computer vision systems involving human subjects. Many papers that deploy such attacks characterize themselves as "real world." Despite this framing, however, we found the physical or real-world testing conducted was minimal, provided few details about testing subjects and was often conducted as an afterthought or demonstration. Adversarial ML research without representative trials or testing is an ethical, scientific, and health/safety issue that can cause real harms. We introduce the problem and our methodology, and then critique the physical domain testing methodologies employed by papers in the field. We then explore various barriers to more inclusive physical testing in adversarial ML and offer recommendations to improve such testing notwithstanding these challenges.
△ Less
Submitted 3 December, 2020;
originally announced December 2020.
-
Legal Risks of Adversarial Machine Learning Research
Authors:
Ram Shankar Siva Kumar,
Jonathon Penney,
Bruce Schneier,
Kendra Albert
Abstract:
Adversarial Machine Learning is booming with ML researchers increasingly targeting commercial ML systems such as those used in Facebook, Tesla, Microsoft, IBM, Google to demonstrate vulnerabilities. In this paper, we ask, "What are the potential legal risks to adversarial ML researchers when they attack ML systems?" Studying or testing the security of any operational system potentially runs afoul…
▽ More
Adversarial Machine Learning is booming with ML researchers increasingly targeting commercial ML systems such as those used in Facebook, Tesla, Microsoft, IBM, Google to demonstrate vulnerabilities. In this paper, we ask, "What are the potential legal risks to adversarial ML researchers when they attack ML systems?" Studying or testing the security of any operational system potentially runs afoul the Computer Fraud and Abuse Act (CFAA), the primary United States federal statute that creates liability for hacking. We claim that Adversarial ML research is likely no different. Our analysis show that because there is a split in how CFAA is interpreted, aspects of adversarial ML attacks, such as model inversion, membership inference, model stealing, reprogramming the ML system and poisoning attacks, may be sanctioned in some jurisdictions and not penalized in others. We conclude with an analysis predicting how the US Supreme Court may resolve some present inconsistencies in the CFAA's application in Van Buren v. United States, an appeal expected to be decided in 2021. We argue that the court is likely to adopt a narrow construction of the CFAA, and that this will actually lead to better adversarial ML security outcomes in the long term.
△ Less
Submitted 29 June, 2020;
originally announced June 2020.
-
Politics of Adversarial Machine Learning
Authors:
Kendra Albert,
Jonathon Penney,
Bruce Schneier,
Ram Shankar Siva Kumar
Abstract:
In addition to their security properties, adversarial machine-learning attacks and defenses have political dimensions. They enable or foreclose certain options for both the subjects of the machine learning systems and for those who deploy them, creating risks for civil liberties and human rights. In this paper, we draw on insights from science and technology studies, anthropology, and human rights…
▽ More
In addition to their security properties, adversarial machine-learning attacks and defenses have political dimensions. They enable or foreclose certain options for both the subjects of the machine learning systems and for those who deploy them, creating risks for civil liberties and human rights. In this paper, we draw on insights from science and technology studies, anthropology, and human rights literature, to inform how defenses against adversarial attacks can be used to suppress dissent and limit attempts to investigate machine learning systems. To make this concrete, we use real-world examples of how attacks such as perturbation, model inversion, or membership inference can be used for socially desirable ends. Although the predictions of this analysis may seem dire, there is hope. Efforts to address human rights concerns in the commercial spyware industry provide guidance for similar measures to ensure ML systems serve democratic, not authoritarian ends
△ Less
Submitted 26 April, 2020; v1 submitted 31 January, 2020;
originally announced February 2020.
-
Failure Modes in Machine Learning Systems
Authors:
Ram Shankar Siva Kumar,
David O Brien,
Kendra Albert,
Salomé Viljöen,
Jeffrey Snover
Abstract:
In the last two years, more than 200 papers have been written on how machine learning (ML) systems can fail because of adversarial attacks on the algorithms and data; this number balloons if we were to incorporate papers covering non-adversarial failure modes. The spate of papers has made it difficult for ML practitioners, let alone engineers, lawyers, and policymakers, to keep up with the attacks…
▽ More
In the last two years, more than 200 papers have been written on how machine learning (ML) systems can fail because of adversarial attacks on the algorithms and data; this number balloons if we were to incorporate papers covering non-adversarial failure modes. The spate of papers has made it difficult for ML practitioners, let alone engineers, lawyers, and policymakers, to keep up with the attacks against and defenses of ML systems. However, as these systems become more pervasive, the need to understand how they fail, whether by the hand of an adversary or due to the inherent design of a system, will only become more pressing. In order to equip software developers, security incident responders, lawyers, and policy makers with a common vernacular to talk about this problem, we developed a framework to classify failures into "Intentional failures" where the failure is caused by an active adversary attempting to subvert the system to attain her goals; and "Unintentional failures" where the failure is because an ML system produces an inherently unsafe outcome. After develo** the initial version of the taxonomy last year, we worked with security and ML teams across Microsoft, 23 external partners, standards organization, and governments to understand how stakeholders would use our framework. Throughout the paper, we attempt to highlight how machine learning failure modes are meaningfully different from traditional software failures from a technology and policy perspective.
△ Less
Submitted 25 November, 2019;
originally announced November 2019.
-
Structure-Preserving Constrained Optimal Trajectory Planning of a Wheeled Inverted Pendulum
Authors:
Klaus Albert,
Karmvir Singh Phogat,
Felix Anhalt,
Ravi N Banavar,
Debasish Chatterjee,
Boris Lohmann
Abstract:
The Wheeled Inverted Pendulum (WIP) is an underactuated, nonholonomic mechatronic system, and has been popularized commercially as the Segway. Designing a control law for motion planning, that incorporates the state and control constraints, while respecting the configuration manifold, is a challenging problem. In this article we derive a discrete-time model of the WIP system using discrete mechani…
▽ More
The Wheeled Inverted Pendulum (WIP) is an underactuated, nonholonomic mechatronic system, and has been popularized commercially as the Segway. Designing a control law for motion planning, that incorporates the state and control constraints, while respecting the configuration manifold, is a challenging problem. In this article we derive a discrete-time model of the WIP system using discrete mechanics and generate optimal trajectories for the WIP system by solving a discrete-time constrained optimal control problem. Further, we describe a nonlinear continuous-time model with parameters for designing a closed loop LQ-controller. A dual control architecture is implemented in which the designed optimal trajectory is then provided as a reference to the robot with the optimal control trajectory as a feedforward control action, and an LQ-controller in the feedback mode is employed to mitigate noise and disturbances for ensuing stable motion of the WIP system. While performing experiments on the WIP system involving aggressive maneuvers with fairly sharp turns, we found a high degree of congruence in the designed optimal trajectories and the path traced by the robot while tracking these trajectories. This corroborates the validity of the nonlinear model and the control scheme. Finally, these experiments demonstrate the highly nonlinear nature of the WIP system and robustness of the control scheme.
△ Less
Submitted 2 October, 2019; v1 submitted 29 November, 2018;
originally announced November 2018.
-
Law and Adversarial Machine Learning
Authors:
Ram Shankar Siva Kumar,
David R. O'Brien,
Kendra Albert,
Salome Vilojen
Abstract:
When machine learning systems fail because of adversarial manipulation, how should society expect the law to respond? Through scenarios grounded in adversarial ML literature, we explore how some aspects of computer crime, copyright, and tort law interface with perturbation, poisoning, model stealing and model inversion attacks to show how some attacks are more likely to result in liability than ot…
▽ More
When machine learning systems fail because of adversarial manipulation, how should society expect the law to respond? Through scenarios grounded in adversarial ML literature, we explore how some aspects of computer crime, copyright, and tort law interface with perturbation, poisoning, model stealing and model inversion attacks to show how some attacks are more likely to result in liability than others. We end with a call for action to ML researchers to invest in transparent benchmarks of attacks and defenses; architect ML systems with forensics in mind and finally, think more about adversarial machine learning in the context of civil liberties. The paper is targeted towards ML researchers who have no legal background.
△ Less
Submitted 4 December, 2018; v1 submitted 25 October, 2018;
originally announced October 2018.
-
Real time error detection in metal arc welding process using Artificial Neural Netwroks
Authors:
Prashant Sharma,
Shaju K. Albert,
S. Rajeswari
Abstract:
Quality assurance in production line demands reliable weld joints. Human made errors is a major cause of faulty production. Promptly Identifying errors in the weld while welding is in progress will decrease the post inspection cost spent on the welding process. Electrical parameters generated during welding, could able to characterize the process efficiently. Parameter values are collected using h…
▽ More
Quality assurance in production line demands reliable weld joints. Human made errors is a major cause of faulty production. Promptly Identifying errors in the weld while welding is in progress will decrease the post inspection cost spent on the welding process. Electrical parameters generated during welding, could able to characterize the process efficiently. Parameter values are collected using high speed data acquisition system. Time series analysis tasks such as filtering, pattern recognition etc. are performed over the collected data. Filtering removes the unwanted noisy signal components and pattern recognition task segregate error patterns in the time series based upon similarity, which is performed by Self Organized map** clustering algorithm. Welder quality is thus compared by detecting and counting number of error patterns appeared in his parametric time series. Moreover, Self Organized map** algorithm provides the database in which patterns are segregated into two classes either desirable or undesirable. Database thus generated is used to train the classification algorithms, and thereby automating the real time error detection task. Multi Layer Perceptron and Radial basis function are the two classification algorithms used, and their performance has been compared based on metrics such as specificity, sensitivity, accuracy and time required in training.
△ Less
Submitted 10 March, 2016;
originally announced March 2016.