Cross-representation transferable adversarial examples generation for audio classification

Cross-representation transferable adversarial examples generation for audio classification

Adversarial examples have been used as an important tool for detecting vulnerabilities in deep neural networks. The unique property of transferability enables them to deceive black-box deep neural network models. Transfer-based attack methods for audio classification have recently attracted extensiv...

Full description

Saved in:
Bibliographic Details
Main Authors: TIAN Zilin, LONG Yunfei, TIAN Ye, ZHANG Liguo
Format: Article
Language:English
Published: POSTS&TELECOM PRESS Co., LTD 2025-04-01
Series:网络与信息安全学报
Subjects:
adversarial example
transfer-based attack
audio classification attack
cross-representation
Online Access:http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2025022
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Adversarial examples have been used as an important tool for detecting vulnerabilities in deep neural networks. The unique property of transferability enables them to deceive black-box deep neural network models. Transfer-based attack methods for audio classification have recently attracted extensive discussion. However, in the audio domain, existing transfer-based methods overlooked the transferability of adversarial audio examples from 1D waveform to 2D Mel-spectrogram representation. It was observed that adversarial examples generated against a raw-waveform surrogate model could not successfully attack Mel-spectrogram target models. A method for generating cross-representation transferable adversarial examples for audio classification was proposed. Specifically, losses from two pre-trained surrogate models accepting different representations were linearly combined to train generators for crafting adversarial audio examples with high cross-representation and cross-model transferability. Furthermore, the predictive discrepancies between the two surrogate models were minimized to enhance cross-representation transferability. Additionally, the generator's output was used to train these surrogate models adversarially, which significantly enhanced the robustness of the surrogate models and consequently boosted the cross-model transferability of adversarial examples. Extensive experiments were carried out on the Urban Sound8k and ShipsEar datasets. The results demonstrate that this approach could improve the cross-representation transferability of adversarial examples and significantly outperform existing transfer-based attacks.
ISSN:2096-109X

Similar Items