The recent rise of adversarial machine learning highlights the vulnerabilities of various systems relevant in a wide range of application domains. This paper focuses on the important domain of automatic space surveillance based on the acoustic modality. After setting up a state of the art solution using log-Mel spectrogram modeled by a convolutional neural network, we systematically investigate the following four types of adversarial attacks: a) Fast Gradient Sign, b) Projected Gradient Descent, c) Jacobian Saliency Map, and d) Carlini & Wagner `∞. Experimental scenarios aiming at inducing false positives or negatives are considered, while attacks’ efficiency are thoroughly examined. It is shown that several attack types are able to reach high success rate levels by injecting relatively small perturbations on the original audio signals. This underlines the need of suitable and effective defense strategies, which will boost reliabil- ity in machine learning based solution.
Adversarial Attacks Against Audio Surveillance Systems / S. Ntalampiras - In: 2022 30th European Signal Processing Conference (EUSIPCO)[s.l] : IEEE, 2022. - ISBN 978-1-6654-6798-8. - pp. 1-5 (( Intervento presentato al 30. convegno EUSIPCO tenutosi a Belgrade nel 2022.
Adversarial Attacks Against Audio Surveillance Systems
S. Ntalampiras
2022
Abstract
The recent rise of adversarial machine learning highlights the vulnerabilities of various systems relevant in a wide range of application domains. This paper focuses on the important domain of automatic space surveillance based on the acoustic modality. After setting up a state of the art solution using log-Mel spectrogram modeled by a convolutional neural network, we systematically investigate the following four types of adversarial attacks: a) Fast Gradient Sign, b) Projected Gradient Descent, c) Jacobian Saliency Map, and d) Carlini & Wagner `∞. Experimental scenarios aiming at inducing false positives or negatives are considered, while attacks’ efficiency are thoroughly examined. It is shown that several attack types are able to reach high success rate levels by injecting relatively small perturbations on the original audio signals. This underlines the need of suitable and effective defense strategies, which will boost reliabil- ity in machine learning based solution.
| File | Dimensione | Formato | |
|---|---|---|---|
|
Adversarial_Attacks_Against_Audio_Surveillance_Systems.pdf
accesso aperto
Tipologia:
Publisher's version/PDF
Dimensione
668.3 kB
Formato
Adobe PDF
|
668.3 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
