Robust Federated Learning Against Adversarial Attacks for Speech Emotion Recognition
- URL: http://arxiv.org/abs/2203.04696v1
- Date: Wed, 9 Mar 2022 13:19:26 GMT
- Title: Robust Federated Learning Against Adversarial Attacks for Speech Emotion Recognition
- Authors: Yi Chang, Sofiane Laridi, Zhao Ren, Gregory Palmer, Björn W. Schuller, Marco Fisichella
- Abstract summary: Speech data cannot be protected when uploaded and processed on servers in internet-of-things applications.
Deep neural networks have proven to be vulnerable to human-indistinguishable adversarial perturbations.
We propose a novel federated adversarial learning framework for protecting both data and deep neural networks.
- Score: 12.024098046435796
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Due to the development of machine learning and speech processing, speech
emotion recognition has been a popular research topic in recent years. However,
the speech data cannot be protected when it is uploaded and processed on
servers in the internet-of-things applications of speech emotion recognition.
Furthermore, deep neural networks have proven to be vulnerable to
human-indistinguishable adversarial perturbations. The adversarial attacks
generated from the perturbations may result in deep neural networks wrongly
predicting the emotional states. We propose a novel federated adversarial
learning framework for protecting both data and deep neural networks. The
proposed framework consists of i) federated learning for data privacy, and ii)
adversarial training at the training stage and randomisation at the testing
stage for model robustness. The experiments show that our proposed framework
can effectively protect the speech data locally and improve the model
robustness against a series of adversarial attacks.
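The two training-side components of the abstract (federated learning so raw speech never leaves the client, and adversarial training so the aggregated model withstands perturbations) can be seen end to end on a toy model. The block below is an added example written for this page, not code from the paper or its authors: it replaces the deep network on speech features with a logistic-regression classifier over constructed feature vectors (feature 0 strongly class-correlated, features 1..9 only weakly, a stand-in for informative versus noisy acoustic features), runs FedAvg over three clients, and compares a plainly trained global model with one whose clients train on their own FGSM examples. The feature layout, budget EPS, learning rate, round count and client seeds are all assumptions; the paper's test-stage randomisation is not reproduced here. The evaluation attack is white-box against the final global weights, which is the realistic setting in federated learning because every participant receives the global model.

```python
"""Added example: FedAvg with FGSM adversarial training on a constructed toy task."""
import math
import random

DIM = 10   # assumed feature dimensionality (feature 0 strong, 1..9 weak)
EPS = 0.8  # assumed L-infinity budget, used both for training and for the test attack


def make_client_data(seed, n):
    """Constructed client dataset: class 1 centred at +mu, class 0 at -mu, unit noise."""
    rng = random.Random(seed)
    mu = [2.0] + [0.2] * (DIM - 1)
    data = []
    for _ in range(n):
        y = rng.randint(0, 1)
        s = 1.0 if y == 1 else -1.0
        data.append(([s * m + rng.gauss(0.0, 1.0) for m in mu], y))
    return data


def sigmoid(z):
    z = max(-500.0, min(500.0, z))  # keep exp() in range
    return 1.0 / (1.0 + math.exp(-z))


def predict_prob(w, b, x):
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)


def sign(v):
    return (v > 0) - (v < 0)


def fgsm(w, b, x, y, eps):
    """One-step FGSM: x + eps * sign(d loss / d x); for logistic loss that gradient is (p - y) * w."""
    p = predict_prob(w, b, x)
    return [xi + eps * sign((p - y) * wi) for xi, wi in zip(x, w)]


def local_train(w, b, data, epochs, lr, adversarial, seed):
    """Client-side SGD on local data only; adversarial=True trains each step on its FGSM example."""
    rng = random.Random(seed)
    w, b = list(w), b
    idx = list(range(len(data)))
    for _ in range(epochs):
        rng.shuffle(idx)
        for i in idx:
            x, y = data[i]
            if adversarial:
                x = fgsm(w, b, x, y, EPS)
            g = predict_prob(w, b, x) - y  # d loss / d z for the logistic loss
            w = [wi - lr * g * xi for wi, xi in zip(w, x)]
            b -= lr * g
    return w, b


def fedavg(updates):
    """Server side: sample-count weighted average of client (w, b, n_samples) updates."""
    total = sum(n for _, _, n in updates)
    w = [sum(u[0][j] * u[2] for u in updates) / total for j in range(DIM)]
    b = sum(u[1] * u[2] for u in updates) / total
    return w, b


def train_federated(clients, rounds, adversarial):
    """Each round: broadcast global weights, clients train locally, server averages."""
    w, b = [0.0] * DIM, 0.0
    for r in range(rounds):
        updates = []
        for ci, data in enumerate(clients):
            lw, lb = local_train(w, b, data, epochs=2, lr=0.05,
                                 adversarial=adversarial, seed=1000 * r + ci)
            updates.append((lw, lb, len(data)))
        w, b = fedavg(updates)
    return w, b


def accuracy(w, b, data, attack_eps=0.0):
    """Clean accuracy, or accuracy under a white-box FGSM attack when attack_eps > 0."""
    correct = 0
    for x, y in data:
        if attack_eps > 0:
            x = fgsm(w, b, x, y, attack_eps)
        correct += int((predict_prob(w, b, x) >= 0.5) == (y == 1))
    return correct / len(data)


def run():
    """Train plain and adversarial federated models; report clean/attacked accuracy."""
    clients = [make_client_data(seed, 200) for seed in (1, 2, 3)]
    test = make_client_data(99, 400)
    results = {}
    for name, adv in (("plain_fl", False), ("adv_fl", True)):
        w, b = train_federated(clients, rounds=5, adversarial=adv)
        l1 = sum(abs(v) for v in w)
        results[name] = {
            "clean": accuracy(w, b, test),
            "fgsm": accuracy(w, b, test, attack_eps=EPS),
            "weak_weight_share": sum(abs(v) for v in w[1:]) / l1,
        }
    return results


if __name__ == "__main__":
    for name, r in run().items():
        print(name, {k: round(v, 3) for k, v in r.items()})
```

Two things worth noticing when running it. For a linear model FGSM shifts the logit by exactly EPS times the L1 norm of the weights, so the adversarially trained clients are pushed to put their weight on the genuinely informative feature and to stop relying on the weak ones (`weak_weight_share` drops), which is where the gain in attacked accuracy comes from; a deep network on spectrograms has no such closed form, which is why the paper adds test-time randomisation on top of training-time robustness. And because the server only ever sees `(w, b, n_samples)` tuples, the raw samples stay on the clients, but the averaged parameters still leak information about them, which is the attack surface the attribute-inference paper listed below targets.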
Related papers
- STAA-Net: A Sparse and Transferable Adversarial Attack for Speech Emotion Recognition [36.73727306933382]
We propose a generator-based attack method to generate sparse and transferable adversarial examples to deceive SER models.
We evaluate our method on two widely-used SER datasets, Database of Elicited Mood in Speech (DEMoS) and Interactive Emotional dyadic MOtion CAPture (IEMOCAP)
arXiv Detail & Related papers (2024-02-02T08:46:57Z)
- Investigating Human-Identifiable Features Hidden in Adversarial Perturbations [54.39726653562144]
Our study explores up to five attack algorithms across three datasets.
We identify human-identifiable features in adversarial perturbations.
Using pixel-level annotations, we extract such features and demonstrate their ability to compromise target models.
arXiv Detail & Related papers (2023-09-28T22:31:29Z)
- A reading survey on adversarial machine learning: Adversarial attacks and their understanding [6.1678491628787455]
Adversarial Machine Learning exploits and understands some of the vulnerabilities that cause the neural networks to misclassify for near original input.
A class of algorithms called adversarial attacks is proposed to make the neural networks misclassify for various tasks in different domains.
This article provides a survey of existing adversarial attacks and their understanding based on different perspectives.
arXiv Detail & Related papers (2023-08-07T07:37:26Z)
- How Deep Learning Sees the World: A Survey on Adversarial Attacks & Defenses [0.0]
This paper compiles the most recent adversarial attacks, grouped by the attacker capacity, and modern defenses clustered by protection strategies.
We also present the new advances regarding Vision Transformers, summarize the datasets and metrics used in the context of adversarial settings, and compare the state-of-the-art results under different attacks, finishing with the identification of open issues.
arXiv Detail & Related papers (2023-05-18T10:33:28Z)
- Defense Against Adversarial Attacks on Audio DeepFake Detection [0.4511923587827302]
Audio DeepFakes (DF) are artificially generated utterances created using deep learning.
Multiple neural network-based methods to detect generated speech have been proposed to prevent the threats.
arXiv Detail & Related papers (2022-12-30T08:41:06Z)
- Unintended Memorization and Timing Attacks in Named Entity Recognition Models [5.404816271595691]
We study the setting when NER models are available as a black-box service for identifying sensitive information in user documents.
With updated pre-trained NER models from spaCy, we demonstrate two distinct membership attacks on these models.
arXiv Detail & Related papers (2022-11-04T03:32:16Z)
- Searching for the Essence of Adversarial Perturbations [73.96215665913797]
We show that adversarial perturbations contain human-recognizable information, which is the key conspirator responsible for a neural network's erroneous prediction.
This concept of human-recognizable information allows us to explain key features related to adversarial perturbations.
arXiv Detail & Related papers (2022-05-30T18:04:57Z)
- Attribute Inference Attack of Speech Emotion Recognition in Federated Learning Settings [56.93025161787725]
Federated learning (FL) is a distributed machine learning paradigm that coordinates clients to train a model collaboratively without sharing local data.
We propose an attribute inference attack framework that infers sensitive attribute information of the clients from shared gradients or model parameters.
We show that the attribute inference attack is achievable for SER systems trained using FL.
arXiv Detail & Related papers (2021-12-26T16:50:42Z)
- The Feasibility and Inevitability of Stealth Attacks [63.14766152741211]
We study new adversarial perturbations that enable an attacker to gain control over decisions in generic Artificial Intelligence systems.
In contrast to adversarial data modification, the attack mechanism we consider here involves alterations to the AI system itself.
arXiv Detail & Related papers (2021-06-26T10:50:07Z)
- Speaker De-identification System using Autoencoders and Adversarial Training [58.720142291102135]
We propose a speaker de-identification system based on adversarial training and autoencoders.
Experimental results show that combining adversarial learning and autoencoders increase the equal error rate of a speaker verification system.
arXiv Detail & Related papers (2020-11-09T19:22:05Z)
- Detecting Cross-Modal Inconsistency to Defend Against Neural Fake News [57.9843300852526]
We introduce the more realistic and challenging task of defending against machine-generated news that also includes images and captions.
To identify the possible weaknesses that adversaries can exploit, we create a NeuralNews dataset composed of 4 different types of generated articles.
In addition to the valuable insights gleaned from our user study experiments, we provide a relatively effective approach based on detecting visual-semantic inconsistencies.
arXiv Detail & Related papers (2020-09-16T14:13:15Z)