Securing deep learning models with differential privacy for cardiovascular disease prediction - UTU Tutkimustietojärjestelmä

A1 Vertaisarvioitu alkuperäisartikkeli tieteellisessä lehdessä

Securing deep learning models with differential privacy for cardiovascular disease prediction

Tekijät: Orabe, Zoher; Vasankari, Antti; Pahikkala, Tapio; Kaisti, Matti; Airola, Antti

Kustantaja: Elsevier BV

Julkaisuvuosi: 2026

Journal: Biomedical Signal Processing and Control

Artikkelin numero: 108502

Vuosikerta: 112

Numero: Part C

ISSN: 1746-8094

eISSN: 1746-8108

DOI: https://doi.org/10.1016/j.bspc.2025.108502

Verkko-osoite: https://doi.org/10.1016/j.bspc.2025.108502

Rinnakkaistallenteen osoite: https://research.utu.fi/converis/portal/detail/Publication/500354499

Tiivistelmä

This study investigates how differential privacy (DP) can enhance data confidentiality in deep learning models for predicting cardiovascular diseases (CVDs) using electrocardiography (ECG) data collected from various hospitals. We evaluated the privacy–utility trade-off by analyzing model performance under different privacy budgets (ϵ) across different model architectures, including the high-capacity ResNet with squeeze-and-excitation (ResNet-SE), transformer-based model, and two simple baselines: logistic regression (LR) and multilayer perceptrons (MLP). The original ResNet-SE model, with 8.81 million parameters, showed substantial performance degradation under DP with macro- and micro-average AUCs decreasing from 0.90 and 0.92 to 0.79 and 0.82 at ϵ=10. By reducing the model size by 98.4% to 142,934 parameters, we achieved a better balance between accuracy and privacy, with macro- and micro-average AUCs of 0.87 and 0.89, only 0.03 lower than its non-private performance. The transformer-based model showed weaker robustness to DP, with a macro- and micro-average AUCs dropping from 0.88 and 0.91 to 0.64 and 0.73, while LR and MLP baselines trained on ECG handcrafted features achieved low performance even without privacy. The effect of training with DP varied across classes, having only minimal impact on the four largest classes (AUC reduction ≤ 0.01), but more substantial performance decreases were observed for many of the smaller classes (e.g. 0.10 drop for a condition with a 1.19% class size, and a drop of 0.28 for condition with class size of 3.10%). Overall, our study demonstrates the positive effect of reducing model complexity for improving privacy-utility trade-off for predicting CVDs.

Ladattava julkaisu

This is an electronic reprint of the original article.
This reprint may differ from the original in pagination and typographic detail. Please cite the original version.

1-s2.0-S1746809425010134-main.pdf

Julkaisussa olevat rahoitustiedot:
This work has been supported by Research Council of Finland (grant 358868).