End-to-End Adversarial White Box Attacks on Music Instrument Classification
Katharina Prinz (1), Arthur Flexer (1) ((1) Johannes Kepler, University Linz)
TL;DR
This paper introduces the first end-to-end adversarial attack method on music instrument classification, directly perturbing audio waveforms to cause misclassification while remaining nearly imperceptible.
Contribution
It presents a novel end-to-end attack approach on audio data, bypassing spectrogram-based methods and demonstrating high effectiveness in fooling classifiers.
Findings
Accuracy drops near random chance levels.
Perturbations are almost imperceptible.
Any instrument can be targeted for misclassification.
Abstract
Small adversarial perturbations of input data are able to drastically change performance of machine learning systems, thereby challenging the validity of such systems. We present the very first end-to-end adversarial attacks on a music instrument classification system allowing to add perturbations directly to audio waveforms instead of spectrograms. Our attacks are able to reduce the accuracy close to a random baseline while at the same time keeping perturbations almost imperceptible and producing misclassifications to any desired instrument.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Digital Media Forensic Detection