A Robust Approach for Securing Audio Classification Against Adversarial Attacks
IEEE Transactions on Information Forensics and Security (IF 6.8), Pub Date: 2019-12-04, DOI: 10.1109/tifs.2019.2956591
Mohammad Esmaeilpour, Patrick Cardinal, Alessandro Lameiras Koerich

Adversarial audio attacks can be considered as a small perturbation imperceptible to human ears that is intentionally added to an audio signal and causes a machine learning model to make mistakes. This poses a security concern about the safety of machine learning models since the adversarial attacks can fool such models toward the wrong predictions. In this paper, we first review some strong adversarial attacks that may affect both audio signals and their 2D representations and evaluate the resiliency of deep learning models and support vector machines (SVM) trained on 2D audio representations such as short-time Fourier transform, discrete wavelet transform (DWT) and cross recurrent plot against several state-of-the-art adversarial attacks. Next, we propose a novel approach based on pre-processed DWT representation of audio signals and SVM to secure audio systems against adversarial attacks. The proposed architecture has several preprocessing modules for generating and enhancing spectrograms including dimension reduction and smoothing. We extract features from small patches of the spectrograms using the speeded up robust feature (SURF) algorithm which are further used to transform into cluster distance distribution using the K-Means++ algorithm. Finally, SURF-generated vectors are encoded by this codebook and the resulting codewords are used for training an SVM. All these steps yield a novel approach for audio classification that provides a good tradeoff between accuracy and resilience. Experimental results on three environmental sound datasets show the competitive performance of the proposed approach compared to the deep neural networks both in terms of accuracy and robustness against strong adversarial attacks.

Updated: 2020-04-22