A Study On The Transferability Of Adversarial Attacks In Sound Event Classification
Vinod Subramanian, Arjun Pankajakshan, Emmanouil Benetos, SKoT McDonald, Ning Xu, Mark Sandler
SPS
Length: 13:54
An adversarial attack is an algorithm that perturbs the input of a machine learning model in an intelligent way in order to change the output of the model. An important property of adversarial attacks is transferability. According to this property, it is possible to generate adversarial perturbations on one model and apply them to the input of a different model to fool the output of that model. Our work focuses on studying the transferability of adversarial attacks in sound event classification. We are able to demonstrate differences in transferability properties from those observed in computer vision. We show that dataset normalization techniques such as z-score normalization do not affect the transferability of adversarial attacks, and we show that techniques such as knowledge distillation do not increase the transferability of attacks.