University of Illinois Urbana-Champaign

ADVERSARIAL ROBUSTNESS IN SPEECH COMMANDS

Hwang, Soonha

Content Files
SP23-ECE499-Thesis-Hwang, Soonha.pdf

Permalink

https://hdl.handle.net/2142/124847

Description

Title
ADVERSARIAL ROBUSTNESS IN SPEECH COMMANDS
Author(s)
Hwang, Soonha
Issue Date
2023-05-01
Keyword(s)
Artificial Intelligence, Adversarial Attack, Adversarial Robustness, Keyword Spotting
Date of Ingest
2024-10-14T10:44:19-05:00
Abstract
The vulnerability of state-of-the-art neural networks to adversarial perturbations has been widely explored in recent years with a heavy focus on image classification models. In this study, we investigate possible adversarial attacks on a state-of-the-art keyword spotting model by introducing perturbations with respect to the desired signal-to-noise ratio (SNR). Our results show that using the Fast Gradient Sign Method (FGSM) led to a 29.1% drop in accuracy for an inaudible perturbation at SNR of 45dB. With Projected Gradient Descent (PGD), we were able to generate stronger adversarial samples by increasing the number of iterations, resulting in a 62% drop in accuracy at SNR of 45dB with 45 iterations. To improve the robustness of the model, we employed adversarial training where the model was trained using the adversarial samples. Our results show that training the model with FGSM samples led to a significant increase in accuracy in detecting adversarial samples. Specifically, when the model was trained with samples at SNR of 40dB, the accuracy of detection increased from 64.4% to 86.4% for the FGSM attack at SNR of 45dB, and from 21.0% to 85.0% for the PGD attack at SNR of 45dB with 45 iterations. Source code and samples of perturbed audio are available at https://github.com/soonhahwang/Adversarial-Robustness-Speech.
Type of Resource
text
Genre of Resource
dissertation/thesis
Language
eng

Owning Collections

Senior Theses - Electrical and Computer Engineering PRIMARY
The best of ECE undergraduate research