Step Restriction for Improving Adversarial Attacks
Keita Goto (Tokyo Institute of Technology); Shinta Otake (Tokyo Institute of Technology); Rei Kawakami (Tokyo Institute of Technology); Nakamasa Inoue (Tokyo Institute of Technology)
We propose an algorithm to automatically restrict the step size in the iterative optimization process with an application to adversarial attacks on speaker verification models. The proposed algorithm dynamically determines a subspace with a restriction radius r to which the Taylor approximation is applied at each iteration and then solves a linear problem within the subspace by using the projected gradient method. In experiments, we demonstrate adversarial attacks on three speaker verification models: i-vectors, SE-ResNet-34, and ECAPA-TDNN. We show that the degree of adversarial perturbations generated by the proposed algorithm is smaller than that generated by the conventional attack method.