ADVERSARIAL ATTACKS ON UNDERWATER SOUNDSCAPE CLASSIFICATION SYSTEMS

Loading...
Thumbnail Image
Authors
Henry, Jason A.
Subjects
convolutional neural networks
CNN
adversarial
attacks
sound
audio
underwater
classification
generative
unmanned underwater vehicle
UUV
Advisors
Orescanin, Marko
Date of Issue
2021-06
Date
June 2021
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
Deep convolutional neural networks (CNN) are shown to be effective in underwater soundscape classification, providing the potential for increased automation and performance of contact detection systems on board ships and autonomous unmanned underwater vehicles (UUV). CNNs are known to be vulnerable to adversarial attacks that add a small perturbation to the input, causing a classifier to incorrectly classify the input example. A common method in audio classification is to transform source audio into spectrogram images to use as features for classification. We test several established image-based adversarial attack methods against an underwater soundscape classifier to demonstrate the vulnerability of a system reliant on spectrograms. Five methods successfully fooled the target classifier over 80% of the time with small ϵ. Additionally, this thesis introduces a novel, perceptually motivated, audio-based adversarial attack on audio classification systems. The attack modifies an existing attack generation scheme to include perceptually motivated penalty functions with the goal of reducing loudness of the adversarial noise, which reduces the perceptibility of the attack. Inclusion of perceptual metrics in the attack training reduces the relative loudness of generated perturbations by 4.5 dB for attacks against the underwater soundscape classifier and 8.7 dB for speech command classifier on average without impacting the success of the attack.
Type
Thesis
Description
Series/Report No
Department
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections