Enhancement attacks in biomedical machine learning

Abstract

The prevalence of machine learning in biomedical research is rapidly growing, yet the trustworthiness of such research is often overlooked. While some previous works have investigated the ability of adversarial attacks to degrade model performance in medical imaging, the ability to falsely improve performance via recently-developed “enhancement attacks” may be a greater threat to biomedical machine learning. In the spirit of developing attacks to better understand trustworthiness, we developed three techniques to drastically enhance prediction performance of classifiers with minimal changes to features, including the enhancement of 1) within-dataset predictions, 2) a particular method over another, and 3) cross-dataset generalization. Our within-dataset enhancement framework falsely improved classifiers’ accuracy from 50% to almost 100% while maintaining high feature similarities between original and enhanced data (Pearson’s r’s > 0.99). Similarly, the method-specific enhancement framework was effective in falsely improving the performance of one method over another. For example, a simple neural network outperformed LR by 50% on our enhanced dataset, although no performance differences were present in the original dataset. Crucially, the original and enhanced data were still similar (r = 0.95). Finally, we demonstrated that enhancement is not specific to within-dataset predictions but can also be adapted to enhance the generalization accuracy of one dataset to another by up to 38%. Overall, our results suggest that more robust data sharing and provenance tracking pipelines are necessary to maintain data integrity in biomedical machine learning research.