Cross-representation transferability of adversarial perturbations: From spectrograms to audio waveforms

/in , , /by
Cross-representation transferability of adversarial perturbations: From spectrograms to audio waveforms

Koerich, Karl M. and Esmailpour, Mohammad and Abdoli, Sajjad and Britto, Alceu S. and Koerich, Alessandro L.

arXiv 2019

Abstract : This paper shows the susceptibility of spectrogram-based audio classifiers to adversarial attacks and the transferability of such attacks to audio waveforms. Some commonly adversarial attacks to images have been applied to Mel-frequency and short-time Fourier transform spectrograms and such perturbed spectrograms are able to fool a 2D convolutional neural network (CNN) for music genre classification with a high fooling rate and high confidence. Such attacks produce perturbed spectrograms that are visually imperceptible by humans. Experimental results on a dataset of western music have shown that the 2D CNN achieves up to 81.87% of mean accuracy on legitimate examples and such a performance drops to 12.09% on adversarial examples. Furthermore, the audio signals reconstructed from the adversarial spectrograms produce audio waveforms that perceptually resemble the legitimate audio.

You might also like
Variational Fair Clustering
SIFT-Rank: Ordinal description for invariant feature correspondence
Progressive boosting for class imbalance
F-CAM: Full resolution class activation maps via guided parametric upscaling
Standalone annotations of axial-view spine images
Improving Signature-Based Biometric Cryptosystems Using Cascaded Signature Verification-Fuzzy Vault (SV-FV) Approach
Factors of overtraining with fuzzy ARTMAP neural networks
Submodularization for binary pairwise energies