Robustness of Adversarial Attacks in Sound Event Classification

@inproceedings{Subramanian2019RobustnessOA,
  title={Robustness of Adversarial Attacks in Sound Event Classification},
  author={Subramanian and Emmanouil Benetos and Mark Sandler},
  booktitle={DCASE},
  year={2019}
}
An adversarial attack is a method to generate perturbations to the input of a machine learning model in order to make the output of the model incorrect. The perturbed inputs are known as adversarial examples. In this paper, we investigate the robustness of adversarial examples to simple input transformations such as mp3 compression, resampling, white noise and reverb in the task of sound event classification. By performing this analysis, we aim to provide insights on strengths and weaknesses in… 
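
The transformations studied are standard signal-processing operations. As a rough Python sketch of how such transformations might be applied to an (adversarial) waveform, and not the authors' exact pipeline, the snippet below implements resampling, additive white noise at a chosen SNR, and a crude synthetic reverb; the target sample rate, SNR, and impulse-response parameters are illustrative assumptions, and mp3 compression is omitted because it requires an external codec.

```python
import numpy as np
import librosa
from scipy.signal import fftconvolve

def resample_transform(y, sr, target_sr=8000):
    """Round-trip resampling: downsample then upsample, discarding high frequencies."""
    y_lo = librosa.resample(y, orig_sr=sr, target_sr=target_sr)
    return librosa.resample(y_lo, orig_sr=target_sr, target_sr=sr)

def white_noise_transform(y, snr_db=30.0, seed=0):
    """Add white Gaussian noise at a given signal-to-noise ratio (in dB)."""
    rng = np.random.default_rng(seed)
    signal_power = np.mean(y ** 2)
    noise_power = signal_power / (10.0 ** (snr_db / 10.0))
    return y + rng.normal(scale=np.sqrt(noise_power), size=y.shape)

def reverb_transform(y, sr, rt60=0.3, seed=0):
    """Convolve with a crude exponentially decaying noise impulse response."""
    rng = np.random.default_rng(seed)
    n = int(rt60 * sr)
    ir = rng.normal(size=n) * np.exp(-6.9 * np.arange(n) / n)  # roughly 60 dB decay
    wet = fftconvolve(y, ir)[: len(y)]
    return wet / (np.max(np.abs(wet)) + 1e-12)

# Usage sketch: load a (possibly adversarial) clip and re-classify each variant.
# y, sr = librosa.load("adversarial_example.wav", sr=None)
# variants = {
#     "resample": resample_transform(y, sr),
#     "white_noise": white_noise_transform(y),
#     "reverb": reverb_transform(y, sr),
# }
```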

Citations

A Study on the Transferability of Adversarial Attacks in Sound Event Classification
TLDR
This work demonstrates differences in transferability properties from those observed in computer vision and shows that dataset normalization techniques such as z-score normalization do not affect the transferability of adversarial attacks, and that techniques such as knowledge distillation do not increase the transferability of attacks.
Defending Against Imperceptible Audio Adversarial Examples Using Proportional Additive Gaussian Noise
TLDR
This work presents a robust defense against inaudible or imperceptible audio adversarial examples that mimics the adversarial strategy, adding targeted proportional additive Gaussian noise in order to revert an adversarial example back to its original transcription.
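
As a minimal sketch of the general idea behind a proportional additive noise defense (not the cited paper's exact method), noise whose per-sample standard deviation scales with the local signal magnitude can be added before re-running recognition; the scale factor below is an arbitrary assumption.

```python
import numpy as np

def proportional_gaussian_noise(y, scale=0.05, seed=0):
    """Add Gaussian noise whose per-sample std is proportional to |y|.

    Louder samples receive proportionally more noise, so the perturbation
    stays roughly masked by the signal while disrupting brittle adversarial
    perturbations. `scale` is an illustrative value, not a tuned parameter.
    """
    rng = np.random.default_rng(seed)
    return y + rng.normal(size=y.shape) * scale * np.abs(y)
```
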
Improving the Adversarial Robustness for Speaker Verification by Self-Supervised Learning
TLDR
Since there is no common metric for evaluating ASV performance under adversarial attacks, this work formalizes evaluation metrics for adversarial defense that take both purification-based and detection-based approaches into account, and encourages future work to benchmark approaches on the proposed evaluation framework.
Adversarial Defense for Automatic Speaker Verification by Self-Supervised Learning
TLDR
This work is among the first to perform adversarial defense for ASV without knowing the specific attack algorithms, and formalizes evaluation metrics for adversarial defense that take both purification-based and detection-based approaches into account.
Identifying Audio Adversarial Examples via Anomalous Pattern Detection
TLDR
This work shows that two recent state-of-the-art adversarial attacks on audio processing systems systematically lead to higher-than-expected activation at some subset of nodes, and that these attacks can be detected with an AUC of up to 0.98 with no degradation in performance on benign samples.
Transferability of Adversarial Attacks on Synthetic Speech Detection
TLDR
A comprehensive benchmark to evaluate the transferability of adversarial attacks on the synthetic speech detection task is established, and the weaknesses of synthetic speech detectors and the transferable behaviours of adversarial attacks are summarised to provide insights for future research.
Generation of Black-box Audio Adversarial Examples Based on Gradient Approximation and Autoencoders
TLDR
A real-time attack framework that utilizes a neural network trained by the gradient approximation method to generate adversarial examples against Keyword Spotting (KWS) systems, which can easily fool a black-box KWS system into outputting incorrect results with only one inference.
Sequential Randomized Smoothing for Adversarially Robust Speech Recognition
TLDR
This paper applies adaptive versions of state-of-the-art attacks, such as the Imperceptible ASR attack, to the proposed model and shows that the strongest defense is robust to all attacks that use inaudible noise and can only be broken with very high distortion.
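
Randomized smoothing at its simplest averages predictions over Gaussian-perturbed copies of the input; the cited paper adapts this to sequential ASR outputs, whereas the sketch below only shows the basic voting scheme for a generic classifier, with `predict_fn`, `sigma`, and `n_samples` as hypothetical placeholders.

```python
import numpy as np

def smoothed_predict(predict_fn, x, sigma=0.01, n_samples=32, seed=0):
    """Majority vote over Gaussian-perturbed copies of the input.

    `predict_fn` is a hypothetical callable mapping a waveform to a class id;
    sigma and n_samples are illustrative choices, not tuned values.
    """
    rng = np.random.default_rng(seed)
    votes = {}
    for _ in range(n_samples):
        label = predict_fn(x + rng.normal(scale=sigma, size=x.shape))
        votes[label] = votes.get(label, 0) + 1
    return max(votes, key=votes.get)
```
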
End-to-End Adversarial White Box Attacks on Music Instrument Classification
TLDR
This work presents the first end-to-end adversarial attacks on a music instrument classification system, adding perturbations directly to audio waveforms instead of spectrograms.
Audio-Visual Event Recognition Through the Lens of Adversary
TLDR
Using adversarial noise to ablate multimodal models provides insights into the best fusion strategy for balancing the trade-off between model parameters/accuracy and robustness, and helps distinguish the robust features from the non-robust features that various neural network models tend to learn.
...

References

SHOWING 1-10 OF 27 REFERENCES
Adversarial Attacks in Sound Event Classification
TLDR
This paper applies different gradient-based adversarial attack algorithms to five deep learning models trained for sound event classification and shows that adversarial attacks can be generated with high confidence and low perturbation.
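
The gradient-based attacks referenced here follow the familiar FGSM/PGD template. Below is a minimal one-step FGSM sketch in PyTorch, assuming a differentiable classifier `model` that maps input tensors (e.g. log-mel spectrograms or raw waveforms) to class logits; `epsilon` is an illustrative value, not one used in the paper.

```python
import torch
import torch.nn.functional as F

def fgsm_attack(model, x, label, epsilon=1e-3):
    """One-step Fast Gradient Sign Method on an audio input tensor."""
    x_adv = x.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(model(x_adv), label)
    loss.backward()
    with torch.no_grad():
        x_adv = x_adv + epsilon * x_adv.grad.sign()
    return x_adv.detach()
```
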
Robust Audio Adversarial Example for a Physical Attack
TLDR
Evaluation and a listening experiment demonstrated that adversarial examples generated by the proposed method are able to attack a state-of-the-art speech recognition model in the physical world without being noticed by humans, suggesting that audio adversarial examples may become a real threat.
Towards Weighted-Sampling Audio Adversarial Example Attack.
TLDR
Experiments show that this method is the first in the field to generate audio adversarial examples with low noise and high audio robustness at minute-level computation time.
A Robust Approach for Securing Audio Classification Against Adversarial Attacks
TLDR
A novel approach based on a pre-processed DWT representation of audio signals and an SVM to secure audio systems against adversarial attacks, showing competitive performance compared to deep neural networks in terms of both accuracy and robustness against strong adversarial attacks.
Characterizing Audio Adversarial Examples Using Temporal Dependency
TLDR
The results reveal the importance of using the temporal dependency in audio data to gain discriminative power against adversarial examples, and offer novel insights into exploiting domain-specific data properties to mitigate the negative effects of adversarial examples.
Robust Physical-World Attacks on Machine Learning Models
TLDR
This paper proposes a new attack algorithm, Robust Physical Perturbations (RP2), that generates perturbations by taking images under different conditions into account and can create spatially-constrained perturbations that mimic vandalism or art to reduce the likelihood of detection by a casual observer.
Adversarial examples in the physical world
TLDR
It is found that a large fraction of adversarial examples are classified incorrectly even when perceived through a camera, which shows that machine learning systems are vulnerable to adversarial examples even in physical-world scenarios.
Imperceptible, Robust, and Targeted Adversarial Examples for Automatic Speech Recognition
TLDR
This paper develops effectively imperceptible audio adversarial examples by leveraging the psychoacoustic principle of auditory masking, while retaining a 100% targeted success rate on arbitrary full-sentence targets, and makes progress towards physical-world over-the-air audio adversarial examples by constructing perturbations that remain effective even after applying realistic simulated environmental distortions.
Isolated and Ensemble Audio Preprocessing Methods for Detecting Adversarial Examples against Automatic Speech Recognition
TLDR
One particular combined defense incorporating compressions, speech coding, filtering, and audio panning was shown to be quite effective against the attack on the Speech Commands Model, detecting audio adversarial examples with 93.5% precision and 91.2% recall.
Noise Flooding for Detecting Audio Adversarial Examples Against Automatic Speech Recognition
K. Rajaratnam and J. Kalita, 2018 IEEE International Symposium on Signal Processing and Information Technology (ISSPIT), 2018
TLDR
This work explores the idea of flooding particular frequency bands of an audio signal with random noise in order to detect adversarial examples, building on the observation that speech classifiers are relatively robust to natural noise.
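
As a rough illustration of the flooding idea (not the authors' implementation), band-limited random noise can be added to the waveform and the classifier's output compared before and after; the band edges, filter order, and noise level below are arbitrary assumptions.

```python
import numpy as np
from scipy.signal import butter, lfilter

def flood_band_with_noise(y, sr, low_hz=2000.0, high_hz=4000.0,
                          noise_level=0.02, seed=0):
    """Add random noise restricted to a single frequency band of the signal.

    A detector would compare the model's prediction on `y` and on the flooded
    signal: benign inputs tend to keep their label, while adversarial ones
    often flip under this added natural-like noise.
    """
    rng = np.random.default_rng(seed)
    noise = rng.normal(scale=noise_level, size=y.shape)
    b, a = butter(4, [low_hz, high_hz], btype="bandpass", fs=sr)
    return y + lfilter(b, a, noise)
```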
...