SAM: Foreseeing inference-time false data injection attacks on ml-enabled medical devices

From National Research Council Canada

DOI	Resolve DOI: https://doi.org/10.1145/3689942.3694745
Author	Search for: Hallajiyan, Mohammadreza ORCID identifier: https://orcid.org/0000-0003-1570-7351; Search for: Dharmalingam, Athish Pranav ORCID identifier: https://orcid.org/0009-0000-7326-4662; Search for: Mitra, Gargi ORCID identifier: https://orcid.org/0000-0001-8011-4590; Search for: Alemzadeh, Homa ORCID identifier: https://orcid.org/0000-0001-5279-842X; Search for: Iqbal, Shahrear¹ORCID identifier: https://orcid.org/0000-0001-7819-5715; Search for: Pattabiraman, Karthik ORCID identifier: https://orcid.org/0000-0003-2380-3415
Affiliation	National Research Council of Canada. Digital Technologies
Format	Text, Article
Conference	CCS '24: ACM SIGSAC Conference on Computer and Communications Security, October 14-18, 2024, Salt Lake City, UT, USA
Subject	ML-enabled medical devices; false data injection; STPA-sec; security assesssment
Abstract	The increasing use of machine learning (ML) in medical systems necessitates robust security measures to mitigate potential threats. Current research often overlooks the risk of adversaries injecting false inputs through peripheral devices at inference time, leading to mispredictions in patients’ conditions. These risks are hard to foresee and mitigate during the design phase since the system is assembled by end users at the time of use. To address this gap, we introduce SAM, a technique that enables security analysts to perform System Theoretic Process Analysis for Security (STPA-Sec) on ML-enabled medical devices during the design phase. SAM models the medical system as a control structure, with the ML engine as the controller and peripheral devices as potential points for false data injection. It interfaces with state-of-the-art vulnerability databases and Large Language Models (LLMs) to automate the discovery of vulnerabilities and generate a list of possible attack paths. We demonstrate the usefulness of SAM through case studies on two FDA-cleared medical devices: a blood glucose management system and a bone mineral density measurement software. SAM allows security analysts to expedite the security assessment of ML-enabled medical devices at the design phase. This proactive approach mitigates potential patient harm and reduces costs associated with post-deployment security measures.
Publication date	2023-11-21
Publisher	ACM
In	Proceedings of the 2024 Workshop on Cybersecurity in Healthcare (21 November 2024): 77–84. https://doi.org/10.1145/3689942.
Language	English
Peer reviewed	Yes
Export citation	Export as RIS
Report a correction	Report a correction (opens in a new tab)
Record identifier	d65db7cf-6ec7-4164-814c-69978eda7666
Record created	2024-12-02
Record modified	2024-12-03

Date modified:: 2025-06-14