Adversarial Machine Learning in e-Health: Attacking a Smart Prescription System

Abstract

Machine learning (ML) algorithms are the basis of many services we rely on in our everyday life. For this reason, a new research line has recently emerged with the aim of investigating how ML can be misled by adversarial examples. In this paper we address an e-health scenario in which an automatic system for prescriptions can be deceived by inputs forged to subvert the model's prediction. In particular, we present an algorithm capable of generating a precise sequence of moves that the adversary has to take in order to elude the automatic prescription service. Experimental analyses performed on a real dataset of patients' clinical records show that a minimal alteration of the clinical records can subvert predictions with high probability.