ADVERSARIAL ROBUSTNESS IN SPEECH COMMANDS

Hwang, Soonha

Permalink

https://hdl.handle.net/2142/124847 Copy

Description

Title

ADVERSARIAL ROBUSTNESS IN SPEECH COMMANDS

Author(s)

Hwang, Soonha

Issue Date

2023-05-01

Keyword(s)

Artificial Intelligence, Adversarial Attack, Adversarial Robustness, Keyword Spotting

Date of Ingest

2024-10-14T10:44:19-05:00

Abstract

The vulnerability of state-of-the-art neural networks to adversarial perturbations has been widely explored in recent years with a heavy focus on image classification models. In this study, we investigate possible adversarial attacks on a state-of-the-art keyword spotting model by introducing perturbations with respect to the desired signal-to-noise ratio (SNR). Our results show that using the Fast Gradient Sign Method (FGSM) led to a 29.1% drop in accuracy for an inaudible perturbation at SNR of 45dB. With Projected Gradient Descent (PGD), we were able to generate stronger adversarial samples by increasing the number of iterations, resulting in a 62% drop in accuracy at SNR of 45dB with 45 iterations. To improve the robustness of the model, we employed adversarial training where the model was trained using the adversarial samples. Our results show that training the model with FGSM samples led to a significant increase in accuracy in detecting adversarial samples. Specifically, when the model was trained with samples at SNR of 40dB, the accuracy of detection increased from 64.4% to 86.4% for the FGSM attack at SNR of 45dB, and from 21.0% to 85.0% for the PGD attack at SNR of 45dB with 45 iterations. Source code and samples of perturbed audio are available at https://github.com/soonhahwang/Adversarial-Robustness-Speech.

Type of Resource

text

Genre of Resource

dissertation/thesis

Language

eng

Owning Collections