Detection of Adversarial Attacks and Characterization of Adversarial Subspace

TL;DR

This paper introduces a novel detector for adversarial attacks on environmental sound classification models, utilizing subspace analysis and eigenvalue discrimination to effectively identify malicious inputs across multiple attack types.

Contribution

The paper proposes a new detection method based on subspace analysis and eigenvalue discrimination that outperforms existing approaches in identifying adversarial examples.

Findings

High detection rate across eight attack types

Effective separation of legitimate and adversarial representations

Outperforms existing detection methods

Abstract

Adversarial attacks have always been a serious threat for any data-driven model. In this paper, we explore subspaces of adversarial examples in unitary vector domain, and we propose a novel detector for defending our models trained for environmental sound classification. We measure chordal distance between legitimate and malicious representation of sounds in unitary space of generalized Schur decomposition and show that their manifolds lie far from each other. Our front-end detector is a regularized logistic regression which discriminates eigenvalues of legitimate and adversarial spectrograms. The experimental results on three benchmarking datasets of environmental sounds represented by spectrograms reveal high detection rate of the proposed detector for eight types of adversarial attacks and outperforms other detection approaches.