Detection of Adversarial Attacks and Characterization of Adversarial Subspace
This work addresses the threat of adversarial attacks for data-driven models, specifically in environmental sound classification, but it is incremental as it builds on existing detection approaches.
The paper tackles the problem of detecting adversarial attacks on environmental sound classification models by analyzing subspaces of adversarial examples in unitary vector domains, achieving high detection rates for eight types of adversarial attacks and outperforming other detection methods.
Adversarial attacks have always been a serious threat for any data-driven model. In this paper, we explore subspaces of adversarial examples in unitary vector domain, and we propose a novel detector for defending our models trained for environmental sound classification. We measure chordal distance between legitimate and malicious representation of sounds in unitary space of generalized Schur decomposition and show that their manifolds lie far from each other. Our front-end detector is a regularized logistic regression which discriminates eigenvalues of legitimate and adversarial spectrograms. The experimental results on three benchmarking datasets of environmental sounds represented by spectrograms reveal high detection rate of the proposed detector for eight types of adversarial attacks and outperforms other detection approaches.