From sound representation to model robustness

/in , , /by
From sound representation to model robustness

Esmaeilpour, Mohammad and Cardinal, Patrick and Koerich, Alessandro Lameiras

arXiv 2020

Abstract : —In this paper, we demonstrate the extreme vulnerability of a residual deep neural network architecture (ResNet-18) against adversarial attacks in time-frequency representations of audio signals. We evaluate MFCC, short time Fourier transform (STFT), and discrete wavelet transform (DWT) to modulate environmental sound signals in 2D representation spaces. ResNet-18 not only outperforms other dense deep learning classifiers (i.e., GoogLeNet and AlexNet) in terms of recognition accuracy, but also it considerably transfers adversarial examples to other victim classifiers. On the balance of average budgets allocated by adversaries and the cost of the attack, we notice an inverse relationship between high recognition accuracy and model robustness against six strong adversarial attacks. We investigated this relationship to the three 2D representation domains, which are commonly used to represent audio signals, on three benchmarking environmental sound datasets. The experimental results have shown that while the ResNet-18 classifier trained on DWT spectrograms achieves the highest recognition accuracy, attacking this model is relatively more costly for the adversary compared to the MFCC and STFT representations.

You might also like
GPU accelerated acoustic likelihood computations
F-measure curves: A tool to visualize classifier performance under imbalance
Tracking endocardial boundary and motion via graph cut distribution matching and multiple model filtering
Volumetric bias in segmentation and reconstruction: secrets and solutions
Segmentation of arabic cursive script
Universal adversarial audio perturbations
An ILP model for multi-label MRFs with connectivity constraints
Intelligent watermarking with multi-objective Population Based Incremental Learning