Adversarial Attacks on Underwater Soundscape Classification Systems
Abstract
Deep convolutional neural networks (CNN) are shown to be effective in underwater soundscape classification, providing the potential for increased automation and performance of contact detection systems on board ships and autonomous unmanned underwater vehicles (UUV). CNNs are known to be vulnerable to adversarial attacks that add a small perturbation to the input, causing a classifier to incorrectly classify the input example. A common method in audio classification is to transform source audio into spectrogram images to use as features for classification. We test several established image-based adversarial attack methods against an underwater soundscape classifier to demonstrate the vulnerability of a system reliant on spectrograms. Five methods successfully fooled the target classifier over 80 percent of the time with small epsilon. Additionally, this thesis introduces a novel, perceptually motivated, audio-based adversarial attack on audio classification systems. The attack modifies an existing attack generation scheme to include perceptually motivated penalty functions with the goal of reducing loudness of the adversarial noise, which reduces the perceptibility of the attack. Inclusion of perceptual metrics in the attack training reduces the relative loudness of generated perturbations by 4.5 dB for attacks against the underwater soundscape classifier and 8.7 dB for speech command classifier on average without impacting the success of the attack.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jun 01, 2021
- Accession Number
- AD1225445
Entities
People
- Jason A. Henry
Organizations
- Naval Postgraduate School