Files and links (1)
Preprint (Author's original)arXiv.org - Non-exclusive license to distribute, Open
Preprint
Adversarial Attacks against Neural Networks in Audio Domain: Exploiting Principal Components
arXiv.org
13 Jan 2021
Abstract
Adversarial attacks are inputs that are similar to original inputs but
altered on purpose. Speech-to-text neural networks that are widely used today
are prone to misclassify adversarial attacks. In this study, first, we
investigate the presence of targeted adversarial attacks by altering wave forms
from Common Voice data set. We craft adversarial wave forms via Connectionist
Temporal Classification Loss Function, and attack DeepSpeech, a speech-to-text
neural network implemented by Mozilla. We achieve 100% adversarial success rate
(zero successful classification by DeepSpeech) on all 25 adversarial wave forms
that we crafted. Second, we investigate the use of PCA as a defense mechanism
against adversarial attacks. We reduce dimensionality by applying PCA to these
25 attacks that we created and test them against DeepSpeech. We observe zero
successful classification by DeepSpeech, which suggests PCA is not a good
defense mechanism in audio domain. Finally, instead of using PCA as a defense
mechanism, we use PCA this time to craft adversarial inputs under a black-box
setting with minimal adversarial knowledge. With no knowledge regarding the
model, parameters, or weights, we craft adversarial attacks by applying PCA to
samples from Common Voice data set and achieve 100% adversarial success under
black-box setting again when tested against DeepSpeech. We also experiment with
different percentage of components necessary to result in a classification
during attacking process. In all cases, adversary becomes successful.
Metrics
3 Record Views
Details
- Title
- Adversarial Attacks against Neural Networks in Audio Domain: Exploiting Principal Components
- Creators
- Ken AlparslanYigit Alparslan - Drexel UniversityMatthew Burlick - Drexel University
- Publication Details
- arXiv.org
- Resource Type
- Preprint
- Language
- English
- Academic Unit
- Computer Science (Computing)
- Other Identifier
- 991021868011804721