Robust Audio Adversarial Example for a Physical Attack

Goodfellow, I. J., Shlens, J., & Szegedy, C.: Explaining and harnessing adversarial examples. In Proc. of ICLR. (2015)

Carlini, N., & Wagner, D.: Audio Adversarial Examples: Targeted Attacks on Speech-to-Text. In Proc. of Deep Learning and Security Workshop. (2018)

f :Rn
→ {1,…,k}
x ∈!n
!x ∈"n
s.t. f (x) ≠ f (!x) ∧ D(x, !x) ≤ δ
!x s.t. f (!x) = l ∧ D(x, !x) ≤ δ
l ∈{1,…,k}
panda
f
gibbon
x
!x
f (x)
f (!x)

!x = x + !v where !v = argmin
v
Loss
f
(x + v,l)+ ε " v "
ε D(x, !x) ≤ δ
panda

!x = x + !v where !v = argmin
v
Loss
f
(x + v,l)+ ε " v "
ε D(x, !x) ≤ δ
gibbon

Athalye, A., et. al.: Synthesizing robust adversarial examples. In Proc. of ICML. (2018)
 
f (!x) = l

argmin
v
Et~Τ Loss
f
(t(x + v),l)+ ε D(t(x),t(x + v))⎡
⎣⎢
⎤
⎦⎥
argmin
v
Loss
f
(x + v,l)+ ε ! v !

Yuan, X., et. al.: CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition. In Proc. of USENIX Security. (2018) 

argmin
v
Loss
f
(MFCC(x + v), l)+ ε ! v !
x ∈!T
l ∈∑N
argmin
v
Loss
f
(x + v,l)+ ε ! v !

Loss vt

argmin
v
Loss
f
(MFCC(x + BPF
1000~4000Hz
(v)), l)+ ε ! v !

h(t) u(t)
′u (t) = u(x)h(t − x)dx
−∞
∞
∫

H
 
argmin
v
Eh~H Loss(MFCC(Conv
h
(x + BPF
1000~4000Hz
(v))), l)+ ε v⎡
⎣
⎤
⎦
Conv
h
(⋅)

Ν(0, σ
2
)
argmin
v
Eh~H ,w~N (0,σ 2
)
Loss(MFCC(Conv
h
(x + BPF
1000~4000Hz
(v))+ w), l)+ ε v⎡
⎣
⎤
⎦

x  
Carlini, N., & Wagner, D.: Audio Adversarial Examples: Targeted Attacks on Speech-to-Text. In Proc. of Deep Learning and Security Workshop. (2018) 
Hannun, A. Y., et. al.: Deep Speech: Scaling up end- to-end speech recognition. arXiv preprint arXiv:1412.05567. (2014)

Px =
1
T
xt
2
t=1
T
∑
Pv =
1
T
vt
2
t=1
T
∑ 10log10
Px
Pv

Povey, D., et. al.: The Kaldi Speech Recognition Toolkit. In Proc. of ASRU. (2011)

Carlini, N., & Wagner, D.: Audio Adversarial Examples: Targeted Attacks on Speech-to-Text. In Proc. of Deep Learning and Security Workshop. (2018) 
Yang, Z., et. al.: Characterizing Audio Adversarial Examples Using Temporal Dependency. arXiv preprint arXiv:1809.10875. (2018)

Yang, Z., et. al.: Characterizing Audio Adversarial Examples Using Temporal Dependency. arXiv preprint arXiv:1809.10875. (2018)

Schönherr, L., et. al.: Adversarial Attacks Against ASR Systems via Psychoacoustic Hiding. In Proc. of NDSS. (2019)
Yuan, X., et. al.: CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition. In Proc. of USENIX Security. (2018)

Taori, R., et. al.: Targeted Adversarial Examples for Black Box Audio Systems. arXiv preprint arXiv:1805.07820. (2018)

Robust Audio Adversarial Example for a Physical Attack

Recomendados

Recomendados

Más contenido relacionado

Más de Hiromu Yakura

Más de Hiromu Yakura (20)

Último

Último (20)

Robust Audio Adversarial Example for a Physical Attack