Enhancing transferability of black-box adversarial attacks via lifelong learning for speech emotion recognition models

Zhao Ren; Jing Han; Nicholas Cummins; Björn W. Schuller

doi:10.21437/Interspeech.2020-1869

Enhancing transferability of black-box adversarial attacks via lifelong learning for speech emotion recognition models

Zhao Ren, Jing Han, Nicholas Cummins, Björn W. Schuller

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

13 Scopus citations

Abstract

Well-designed adversarial examples can easily fool deep speech emotion recognition models into misclassifications. The transferability of adversarial attacks is a crucial evaluation indicator when generating adversarial examples to fool a new target model or multiple models. Herein, we propose a method to improve the transferability of black-box adversarial attacks using lifelong learning. First, black-box adversarial examples are generated by an atrous Convolutional Neural Network (CNN) model. This initial model is trained to attack a CNN target model. Then, we adapt the trained atrous CNN attacker to a new CNN target model using lifelong learning. We use this paradigm, as it enables multi-task sequential learning, which saves more memory space than conventional multi-task learning. We verify this property on an emotional speech database, by demonstrating that the updated atrous CNN model can attack all target models which have been learnt, and can better attack a new target model than an attack model trained on one target model only.

Original language	English
Title of host publication	Interspeech 2020
Publisher	International Speech Communication Association
Pages	496-500
Number of pages	5
ISBN (Print)	9781713820697
DOIs	https://doi.org/10.21437/Interspeech.2020-1869
State	Published - 2020
Externally published	Yes
Event	21st Annual Conference of the International Speech Communication Association, INTERSPEECH 2020 - Shanghai, China Duration: 25 Oct 2020 → 29 Oct 2020

Publication series

Name	Proceedings of the Annual Conference of the International Speech Communication Association, INTERSPEECH
Volume	2020-October
ISSN (Print)	2308-457X
ISSN (Electronic)	1990-9772

Conference

Conference	21st Annual Conference of the International Speech Communication Association, INTERSPEECH 2020
Country/Territory	China
City	Shanghai
Period	25/10/20 → 29/10/20

Keywords

Black-box Adversarial Attacks
Lifelong Learning
Speech Emotion Recognition
Transferability

Access to Document

10.21437/Interspeech.2020-1869

Cite this

Ren, Z., Han, J., Cummins, N., & Schuller, B. W. (2020). Enhancing transferability of black-box adversarial attacks via lifelong learning for speech emotion recognition models. In Interspeech 2020 (pp. 496-500). (Proceedings of the Annual Conference of the International Speech Communication Association, INTERSPEECH; Vol. 2020-October). International Speech Communication Association. https://doi.org/10.21437/Interspeech.2020-1869

@inproceedings{636ea928cede4e4bafae7fb6c1910db0,

title = "Enhancing transferability of black-box adversarial attacks via lifelong learning for speech emotion recognition models",

abstract = "Well-designed adversarial examples can easily fool deep speech emotion recognition models into misclassifications. The transferability of adversarial attacks is a crucial evaluation indicator when generating adversarial examples to fool a new target model or multiple models. Herein, we propose a method to improve the transferability of black-box adversarial attacks using lifelong learning. First, black-box adversarial examples are generated by an atrous Convolutional Neural Network (CNN) model. This initial model is trained to attack a CNN target model. Then, we adapt the trained atrous CNN attacker to a new CNN target model using lifelong learning. We use this paradigm, as it enables multi-task sequential learning, which saves more memory space than conventional multi-task learning. We verify this property on an emotional speech database, by demonstrating that the updated atrous CNN model can attack all target models which have been learnt, and can better attack a new target model than an attack model trained on one target model only.",

keywords = "Black-box Adversarial Attacks, Lifelong Learning, Speech Emotion Recognition, Transferability",

author = "Zhao Ren and Jing Han and Nicholas Cummins and Schuller, {Bj{\"o}rn W.}",

note = "Publisher Copyright: Copyright {\textcopyright} 2020 ISCA; 21st Annual Conference of the International Speech Communication Association, INTERSPEECH 2020 ; Conference date: 25-10-2020 Through 29-10-2020",

year = "2020",

doi = "10.21437/Interspeech.2020-1869",

language = "English",

isbn = "9781713820697",

series = "Proceedings of the Annual Conference of the International Speech Communication Association, INTERSPEECH",

publisher = "International Speech Communication Association",

pages = "496--500",

booktitle = "Interspeech 2020",

}

Ren, Z, Han, J, Cummins, N & Schuller, BW 2020, Enhancing transferability of black-box adversarial attacks via lifelong learning for speech emotion recognition models. in Interspeech 2020. Proceedings of the Annual Conference of the International Speech Communication Association, INTERSPEECH, vol. 2020-October, International Speech Communication Association, pp. 496-500, 21st Annual Conference of the International Speech Communication Association, INTERSPEECH 2020, Shanghai, China, 25/10/20. https://doi.org/10.21437/Interspeech.2020-1869

Enhancing transferability of black-box adversarial attacks via lifelong learning for speech emotion recognition models. / Ren, Zhao; Han, Jing; Cummins, Nicholas et al.
Interspeech 2020. International Speech Communication Association, 2020. p. 496-500 (Proceedings of the Annual Conference of the International Speech Communication Association, INTERSPEECH; Vol. 2020-October).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Enhancing transferability of black-box adversarial attacks via lifelong learning for speech emotion recognition models

AU - Ren, Zhao

AU - Han, Jing

AU - Cummins, Nicholas

AU - Schuller, Björn W.

PY - 2020

Y1 - 2020

N2 - Well-designed adversarial examples can easily fool deep speech emotion recognition models into misclassifications. The transferability of adversarial attacks is a crucial evaluation indicator when generating adversarial examples to fool a new target model or multiple models. Herein, we propose a method to improve the transferability of black-box adversarial attacks using lifelong learning. First, black-box adversarial examples are generated by an atrous Convolutional Neural Network (CNN) model. This initial model is trained to attack a CNN target model. Then, we adapt the trained atrous CNN attacker to a new CNN target model using lifelong learning. We use this paradigm, as it enables multi-task sequential learning, which saves more memory space than conventional multi-task learning. We verify this property on an emotional speech database, by demonstrating that the updated atrous CNN model can attack all target models which have been learnt, and can better attack a new target model than an attack model trained on one target model only.

AB - Well-designed adversarial examples can easily fool deep speech emotion recognition models into misclassifications. The transferability of adversarial attacks is a crucial evaluation indicator when generating adversarial examples to fool a new target model or multiple models. Herein, we propose a method to improve the transferability of black-box adversarial attacks using lifelong learning. First, black-box adversarial examples are generated by an atrous Convolutional Neural Network (CNN) model. This initial model is trained to attack a CNN target model. Then, we adapt the trained atrous CNN attacker to a new CNN target model using lifelong learning. We use this paradigm, as it enables multi-task sequential learning, which saves more memory space than conventional multi-task learning. We verify this property on an emotional speech database, by demonstrating that the updated atrous CNN model can attack all target models which have been learnt, and can better attack a new target model than an attack model trained on one target model only.

KW - Black-box Adversarial Attacks

KW - Lifelong Learning

KW - Speech Emotion Recognition

KW - Transferability

UR - http://www.scopus.com/inward/record.url?scp=85098108890&partnerID=8YFLogxK

U2 - 10.21437/Interspeech.2020-1869

DO - 10.21437/Interspeech.2020-1869

M3 - Conference contribution

AN - SCOPUS:85098108890

SN - 9781713820697

T3 - Proceedings of the Annual Conference of the International Speech Communication Association, INTERSPEECH

SP - 496

EP - 500

BT - Interspeech 2020

PB - International Speech Communication Association

T2 - 21st Annual Conference of the International Speech Communication Association, INTERSPEECH 2020

Y2 - 25 October 2020 through 29 October 2020

ER -

Ren Z, Han J, Cummins N, Schuller BW. Enhancing transferability of black-box adversarial attacks via lifelong learning for speech emotion recognition models. In Interspeech 2020. International Speech Communication Association. 2020. p. 496-500. (Proceedings of the Annual Conference of the International Speech Communication Association, INTERSPEECH). doi: 10.21437/Interspeech.2020-1869

Enhancing transferability of black-box adversarial attacks via lifelong learning for speech emotion recognition models

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this