Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Förbättring av kvaliten på "adversarial examples" i ljuddomänen
KTH, School of Engineering Sciences (SCI).
KTH, School of Engineering Sciences (SCI).
2019 (Swedish)Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesisAlternative title
Improving the Quality of Audio Adversarial Examples (English)
Abstract [sv]

Syftet med denna studie är att skapa "adversarial exemples" för en tal till text klassificerande modell utan tillgång till den interna strukturen i det neurala nätverk. Tidigare arbete på det här området har visat att "white-box" attacker fungerar, som genererar "adversarial exemples" med mycket hög likhet till originella ljudet och mer bullriga "adversarial exemples" som genereras av "black-box" attacker där dom inte har tillgång till den interna strukturen på det neurala nätverket. Genom att använda en algoritm som iterativt applicerar ljud till ljudfilen och väljer de bästa kandidaterna baserat på utgångsskiktet i det neurala nätverket har vi lyckats skapa nytt ljud som är 98 % likt originalet men lyckas lura tal till text ljud klassificeraren. Genom att utvärdera de genererade kandidaterna baserat på olika likhetsåtgärder mellan den föreslagna kandidaten och den ursprungliga ljudfilen lyckades vi skapa högkvalitativa "black-box adversarial exemples" med hjälp av genetiska algoritmer.

Abstract [en]

The purpose of this study is to create targeted adversarial examples for an audio classifier without access to the neural networks internal structure. Previous work in this domain has shown white box attacks that generate adversarial examples with very high measures of similarity and more noisy adversarial examples generated by black box attacks. By using an algorithm that iteratively applies noise to the audio file and selects the best candidates based on the output layer of the neural network we have managed to create new audio that is 98\% similar to the original but manages to fool the speech to text audio classifier. By evaluating the generated candidates based on different measures of similarity between the proposed candidate and the original audio file we managed to create high quality black box audio adversarial examples using genetic algorithms.

Place, publisher, year, edition, pages
2019.
Series
TRITA-SCI-GRU ; 2019:240
National Category
Engineering and Technology
Identifiers
URN: urn:nbn:se:kth:diva-255800OAI: oai:DiVA.org:kth-255800DiVA, id: diva2:1341581
Supervisors
Examiners
Available from: 2019-08-09 Created: 2019-08-09 Last updated: 2019-08-09Bibliographically approved

Open Access in DiVA

fulltext(404 kB)9 downloads
File information
File name FULLTEXT01.pdfFile size 404 kBChecksum SHA-512
dc9a7af17cf2680a3375d1b489e311afe83152f28fbd7c3e273c306c8adfcfa70c635ed5c6154fe9d6e5a614b8c0d6bc2c1f721eb6ae5d204d6d248cbe138352
Type fulltextMimetype application/pdf

By organisation
School of Engineering Sciences (SCI)
Engineering and Technology

Search outside of DiVA

GoogleGoogle Scholar
Total: 9 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 28 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf