End-to-End Adversarial White Box Attacks on Music Instrument Classification
This work addresses security risks in audio-based ML systems, particularly for music analysis applications, but it is incremental because it adapts known adversarial attack techniques to a new domain.
The authors tackled the vulnerability of music instrument classification systems to adversarial attacks by developing the first end-to-end method that adds perturbations directly to audio waveforms, reducing accuracy close to a random baseline while keeping perturbations almost imperceptible and enabling targeted misclassifications.
Small adversarial perturbations of input data are able to drastically change the performance of machine learning systems, thereby challenging the validity of such systems. We present the very first end-to-end adversarial attacks on a music instrument classification system, allowing perturbations to be added directly to audio waveforms instead of spectrograms. Our attacks are able to reduce the accuracy close to a random baseline while at the same time keeping perturbations almost imperceptible and producing misclassifications to any desired instrument.