End-to-End Adversarial White Box Attacks on Music Instrument Classification

Prinz, Katharina; Flexer, Arthur

doi:10.48550/arxiv.2007.14714

Cited by 1 publication

(1 citation statement)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Five pretrained voiceprint classification models, namely 1DCNN Rand, 1DCNN Gamma, ENVnet-V2, Sincnet, and SincNet+VGG19, are employed on the UrbanSound8k dataset [10], applying the IG-UAP method to evaluate their performance in untargeted and targeted attacks. Implementation and experimental comparisons were performed on four existing voiceprint universal adversarial perturbation generation methods, which include FGSM-UAP [11], PGD-UAP [12], C&W-UAP [13], and MSCW-UAP [14]. Table 2 displays the experimental environment.…”

Section: Experimental Analysismentioning

confidence: 99%

IG-Based Method for Voiceprint Universal Adversarial Perturbation Generation

Bi,

Yu,

Jin

et al. 2024

Applied Sciences

View full text Add to dashboard Cite

In this paper, we propose an Iterative Greedy-Universal Adversarial Perturbations (IGUAP) approach based on an iterative greedy algorithm to create universal adversarial perturbations for acoustic prints. A thorough, objective account of the IG-UAP method is provided, outlining its framework and approach. The method leverages a greedy iteration approach to formulate an optimization problem for solving acoustic universal adversarial perturbations, with a new objective function designed to ensure that the attack has higher accuracy in terms of minimizing the perceptibility of adversarial perturbations and increasing the accuracy of successful attacks. The perturbation generation process is described in detail, and the resulting acoustic universal adversarial perturbation is evaluated in both target-attack and no-target-attack scenarios. Experimental analysis and testing were carried out using comparable techniques and dissimilar target models. The findings reveal that the acoustic generality adversarial perturbation produced by the IG-UAP method can obtain effective attack results even when the audio training data sample size is minimal, i.e., one for each category. Moreover, the human ear finds it difficult to detect the loss of original data information and the addition of adversarial perturbation (for the case of a target attack, the ASR values range from 82.4% to 90.2% for the small sample data set). The success rates for untargeted and targeted attacks average 85.8% and 84.9%, respectively.

show abstract