From Environmental Sound Representation to Robustness of 2D CNN Models
Against Adversarial Attacks
- URL: http://arxiv.org/abs/2204.07018v1
- Date: Thu, 14 Apr 2022 15:14:08 GMT
- Title: From Environmental Sound Representation to Robustness of 2D CNN Models
Against Adversarial Attacks
- Authors: Mohammad Esmaeilpour and Patrick Cardinal and Alessandro Lameiras
Koerich
- Abstract summary: This paper investigates the impact of different standard environmental sound representations (spectrograms) on the recognition performance and adversarial attack robustness of a victim residual convolutional neural network.
We show that while the ResNet-18 model trained on DWT spectrograms achieves a high recognition accuracy, attacking this model is relatively more costly for the adversary.
- Score: 82.21746840893658
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: This paper investigates the impact of different standard environmental sound
representations (spectrograms) on the recognition performance and adversarial
attack robustness of a victim residual convolutional neural network, namely
ResNet-18. Our main motivation for focusing on such a front-end classifier
rather than other complex architectures is balancing recognition accuracy and
the total number of training parameters. Herein, we measure the impact of
different settings required for generating more informative Mel-frequency
cepstral coefficient (MFCC), short-time Fourier transform (STFT), and discrete
wavelet transform (DWT) representations on our front-end model. This
measurement involves comparing classification performance against adversarial
robustness. We demonstrate an inverse relationship between recognition accuracy
and model robustness against six benchmark attack algorithms, assessed by
balancing the average budget allocated by the adversary against the attack
cost. Moreover, our experimental results show that while the ResNet-18 model
trained on DWT spectrograms achieves a high recognition accuracy, attacking
this model is relatively more costly for the adversary than attacking models
trained on other 2D representations. We also report results for other
convolutional neural network architectures, namely ResNet-34, ResNet-56,
AlexNet, GoogLeNet, and SB-CNN, as well as an LSTM-based model.
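As a rough illustration of the front-end pipeline the abstract describes, the sketch below computes MFCC, STFT, and wavelet-based representations for one audio clip and adapts a ResNet-18 to accept them as single-channel images, ending with a one-step FGSM probe of robustness. This is a minimal sketch, not the authors' code: the file name, FFT size, hop length, wavelet family, the continuous-wavelet scalogram standing in for the paper's DWT spectrogram, and the FGSM probe (a generic stand-in for the benchmark attacks compared in the paper) are all assumptions made for illustration.

```python
# Minimal sketch (not the authors' code): extract three 2D representations of an
# audio clip and feed them to a single-channel ResNet-18. FFT size, hop length,
# wavelet choice, and the scalogram stand-in for the paper's DWT spectrogram are
# assumptions made for illustration.
import numpy as np
import librosa
import pywt
import torch
import torch.nn as nn
from torchvision.models import resnet18

y, sr = librosa.load("example.wav", sr=16000)   # hypothetical input clip

# Short-time Fourier transform magnitude in dB.
stft = librosa.amplitude_to_db(np.abs(librosa.stft(y, n_fft=1024, hop_length=512)),
                               ref=np.max)

# Mel-frequency cepstral coefficients.
mfcc = librosa.feature.mfcc(y=y, sr=sr, n_mfcc=40, n_fft=1024, hop_length=512)

# Wavelet scalogram (continuous wavelet transform) as a stand-in for the
# paper's DWT-based spectrogram.
scales = np.arange(1, 129)
scalogram, _ = pywt.cwt(y[::64], scales, "morl")   # subsampled for speed

def to_input(spec: np.ndarray) -> torch.Tensor:
    """Normalize a 2D representation and shape it as a (1, 1, H, W) tensor."""
    spec = (spec - spec.mean()) / (spec.std() + 1e-8)
    return torch.tensor(spec, dtype=torch.float32).unsqueeze(0).unsqueeze(0)

# ResNet-18 front-end adapted to one-channel spectrogram input, 10 classes
# (e.g., UrbanSound8K-style environmental sound labels).
model = resnet18(num_classes=10)
model.conv1 = nn.Conv2d(1, 64, kernel_size=7, stride=2, padding=3, bias=False)
model.eval()

logits = model(to_input(stft))          # same call works for mfcc / scalogram

# One-step FGSM probe: perturb the input within a small epsilon budget and
# check whether the predicted class flips (dummy label, untrained weights).
x = to_input(stft).requires_grad_(True)
loss = nn.functional.cross_entropy(model(x), torch.tensor([0]))
loss.backward()
x_adv = x + 0.01 * x.grad.sign()
print(model(x).argmax(1).item(), model(x_adv).argmax(1).item())
```

In practice the three representations would be precomputed for an entire dataset and the model trained per representation before comparing clean accuracy against the cost of such attacks.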
Related papers
- Towards Evaluating the Robustness of Visual State Space Models [63.14954591606638]
Vision State Space Models (VSSMs) have demonstrated remarkable performance in visual perception tasks.
However, their robustness under natural and adversarial perturbations remains a critical concern.
We present a comprehensive evaluation of VSSMs' robustness under various perturbation scenarios.
arXiv Detail & Related papers (2024-06-13T17:59:44Z)
- TSFool: Crafting Highly-Imperceptible Adversarial Time Series through Multi-Objective Attack [6.243453526766042]
We propose an efficient method called TSFool to craft highly-imperceptible adversarial time series for RNN-based TSC.
The core idea is a new global optimization objective known as "Camouflage Coefficient" that captures the imperceptibility of adversarial samples from the class distribution.
Experiments on 11 UCR and UEA datasets showcase that TSFool significantly outperforms six white-box and three black-box benchmark attacks.
arXiv Detail & Related papers (2022-09-14T03:02:22Z)
- Unveiling the potential of Graph Neural Networks for robust Intrusion Detection [2.21481607673149]
We propose a novel Graph Neural Network (GNN) model to learn flow patterns of attacks structured as graphs.
Our model maintains the same level of accuracy as in previous experiments, while state-of-the-art ML techniques lose up to 50% of their accuracy (F1-score) under adversarial attacks.
arXiv Detail & Related papers (2021-07-30T16:56:39Z)
- On the benefits of robust models in modulation recognition [53.391095789289736]
Deep Neural Networks (DNNs) using convolutional layers are state-of-the-art in many tasks in communications.
In other domains, like image classification, DNNs have been shown to be vulnerable to adversarial perturbations.
We propose a novel framework to test the robustness of current state-of-the-art models.
arXiv Detail & Related papers (2021-03-27T19:58:06Z)
- Firearm Detection via Convolutional Neural Networks: Comparing a Semantic Segmentation Model Against End-to-End Solutions [68.8204255655161]
Threat detection of weapons and aggressive behavior from live video can be used for rapid detection and prevention of potentially deadly incidents.
One way for achieving this is through the use of artificial intelligence and, in particular, machine learning for image analysis.
We compare a traditional monolithic end-to-end deep learning model and a previously proposed model based on an ensemble of simpler neural networks detecting firearms via semantic segmentation.
arXiv Detail & Related papers (2020-12-17T15:19:29Z)
- Adversarially Training for Audio Classifiers [9.868221447090853]
We show that the ResNet-56 model trained on the 2D representation of the discrete wavelet transform with the tonnetz chromagram outperforms other models in terms of recognition accuracy.
We run our experiments on two benchmarking environmental sound datasets and show that without any imposed limitations on the budget allocations for the adversary, the fooling rate of the adversarially trained models can exceed 90%.
arXiv Detail & Related papers (2020-08-26T15:15:32Z)
- From Sound Representation to Model Robustness [82.21746840893658]
We investigate the impact of different standard environmental sound representations (spectrograms) on the recognition performance and adversarial attack robustness of a victim residual convolutional neural network.
Averaged over various experiments on three environmental sound datasets, we found the ResNet-18 model outperforms other deep learning architectures.
arXiv Detail & Related papers (2020-07-27T17:30:49Z)
- Interpolation between Residual and Non-Residual Networks [24.690238357686134]
We present a novel ODE model by adding a damping term.
It can be shown that the proposed model can recover both a ResNet and a CNN by adjusting a coefficient.
Experiments on a number of image classification benchmarks show that the proposed model substantially improves the accuracy of ResNet and ResNeXt.
arXiv Detail & Related papers (2020-06-10T09:36:38Z)
- Triple Wins: Boosting Accuracy, Robustness and Efficiency Together by Enabling Input-Adaptive Inference [119.19779637025444]
Deep networks were recently suggested to face a trade-off between accuracy (on clean natural images) and robustness (on adversarially perturbed images).
This paper studies multi-exit networks associated with input-adaptive inference, showing their strong promise in achieving a "sweet point" in co-optimizing model accuracy, robustness, and efficiency (a minimal sketch of the multi-exit idea follows this list).
arXiv Detail & Related papers (2020-02-24T00:40:22Z)
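As noted in the last entry above, multi-exit networks with input-adaptive inference route easy inputs through an early classifier and hard inputs through the full depth. The sketch below is a generic, hypothetical multi-exit classifier with a confidence-thresholded early exit; it is not the architecture from the cited paper, and the backbone, exit placement, and threshold are assumptions chosen only to show the mechanism.

```python
# Hypothetical sketch of input-adaptive, multi-exit inference: a small CNN with
# two classifier heads; confident inputs exit early, the rest use the full depth.
# Backbone, exit placement, and the confidence threshold are illustrative only.
import torch
import torch.nn as nn
import torch.nn.functional as F

class MultiExitCNN(nn.Module):
    def __init__(self, num_classes: int = 10, threshold: float = 0.9):
        super().__init__()
        self.threshold = threshold
        self.stage1 = nn.Sequential(nn.Conv2d(1, 16, 3, padding=1), nn.ReLU(),
                                    nn.AdaptiveAvgPool2d(8))
        self.exit1 = nn.Linear(16 * 8 * 8, num_classes)     # early exit head
        self.stage2 = nn.Sequential(nn.Conv2d(16, 32, 3, padding=1), nn.ReLU(),
                                    nn.AdaptiveAvgPool2d(4))
        self.exit2 = nn.Linear(32 * 4 * 4, num_classes)     # final exit head

    def forward(self, x: torch.Tensor):
        h1 = self.stage1(x)
        logits1 = self.exit1(h1.flatten(1))
        # Input-adaptive inference: stop if the early exit is confident enough.
        if not self.training and F.softmax(logits1, dim=1).max() >= self.threshold:
            return logits1, "exit1"
        h2 = self.stage2(h1)
        logits2 = self.exit2(h2.flatten(1))
        return logits2, "exit2"

model = MultiExitCNN().eval()
spec = torch.randn(1, 1, 128, 128)       # placeholder spectrogram-sized input
logits, used_exit = model(spec)
print(used_exit, logits.argmax(1).item())
```

For clarity the exit decision here is made for a batch of size one; a real setup would handle per-example exits in a batch and would typically train with a weighted sum of the losses at all exits.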