advdefensecm

"On the Defense of Spoofing Countermeasures against Adversarial Attacks" , IEEE Access, 2023.

https://github.com/nguyenvulong/advdefensecm


Statistics
  • Stars: 1
  • Watchers: 1
  • Forks: 0
  • Open Issues: 0
  • Releases: 0
Created over 2 years ago · Last pushed about 1 year ago

README.md

AdvDefenseCM

Change Log

  • 2023-11-16 Additional Note
  • 2023-09-01 Accepted & Early Access
  • 2023-08-03 MI-FGSM, SNR measurement added
  • 2023-07-27 First Decision: Major revision
  • 2023-07-09 Submitted to IEEE Access

Introduction

This repository implements the paper "On the Defense of Spoofing Countermeasures against Adversarial Attacks". This is our attempt to defend against FGSM and PGD attacks using band-pass filtering and VisuShrink denoising. We made several changes to the base repository; please refer to the full credits below.
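The band-pass defense and the SNR measurement mentioned on this page, as an added example that is not the repository's code (the project uses sox for its filter). Assumptions: a brick-wall FFT filter stands in for sox, the 300–5000 Hz band is the one this README quotes for DOMPTEUR in its 2023-11-16 note, and the 16 kHz tones and perturbation are constructed test data.

```python
import cmath
import math

def fft(x, inverse=False):
    """Recursive radix-2 FFT (unnormalised); len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return list(x)
    even, odd = fft(x[0::2], inverse), fft(x[1::2], inverse)
    sign = 1 if inverse else -1
    tw = [cmath.exp(sign * 2j * math.pi * k / n) * odd[k] for k in range(n // 2)]
    return [e + t for e, t in zip(even, tw)] + [e - t for e, t in zip(even, tw)]

def bandpass(x, fs, lo=300.0, hi=5000.0):
    """Brick-wall band-pass: zero every FFT bin outside [lo, hi] Hz."""
    n = len(x)
    spec = fft([complex(v) for v in x])
    kept = [s if lo <= min(k, n - k) * fs / n <= hi else 0j
            for k, s in enumerate(spec)]
    return [v.real / n for v in fft(kept, inverse=True)]

def snr_db(clean, test):
    """SNR of `test` measured against the clean reference, in dB."""
    noise = sum((c - t) ** 2 for c, t in zip(clean, test))
    return 10 * math.log10(sum(c * c for c in clean) / noise)

def tones(parts, fs, n):
    """Sum of sines given as (frequency_hz, amplitude) pairs."""
    return [sum(a * math.sin(2 * math.pi * f * i / fs) for f, a in parts)
            for i in range(n)]

FS, N = 16000, 1024  # constructed: 16 kHz, 1024 samples (bin width 15.625 Hz)
# Constructed in-band stand-in for speech, plus a small perturbation with one
# in-band component (2 kHz) and three out-of-band components.
CLEAN = tones([(500, 1.0), (1000, 0.5)], FS, N)
DELTA = tones([(125, 0.05), (2000, 0.05), (6000, 0.05), (7000, 0.05)], FS, N)
PERTURBED = [c + d for c, d in zip(CLEAN, DELTA)]

def evaluate():
    """Return (SNR before, SNR after) the band-pass, both in dB."""
    return snr_db(CLEAN, PERTURBED), snr_db(CLEAN, bandpass(PERTURBED, FS))

if __name__ == "__main__":
    before, after = evaluate()
    print(f"SNR before: {before:.2f} dB, after band-pass: {after:.2f} dB")
```

The SNR gain equals the out-of-band share of the constructed perturbation; its 2 kHz component lies inside the pass band and is left untouched by the filter.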

Installation

    conda env create -f env.yml

Make sure to resolve any problems regarding dependencies.

Usage

We have refactored the codebase so that it can be run step by step, but make sure to modify the files in the_config/ folder and the code arguments below. The two augmentation techniques should be run independently for the two experiments. Make sure to set aside 1TB (one terabyte) of disk space for a complete experiment. Otherwise, one can run an attack on a single model (for example, an FGSM attack on an LCNN occupies 150GB of disk space).

Audio samples

GitHub does not allow embedding audio content, so I had to use mp4 embedding instead. Make sure to turn on the speaker buttons below.

The band-pass filter has the strongest effect of removing noise from the original audio, whereas the adversarial sample does not necessarily have a noisier output.

Original sample

https://github.com/nguyenvulong/AdvDefenseCM/assets/1311412/1f57d32a-74dd-4ec6-8bbc-e79224e75aa8

Adversarial sample

https://github.com/nguyenvulong/AdvDefenseCM/assets/1311412/1d3d2d6f-1f3f-41d5-ba2f-71c9e297e357

Denoised sample

https://github.com/nguyenvulong/AdvDefenseCM/assets/1311412/f150bef2-8916-4ab9-93a6-6d2ccacba96e

Bandpassed sample

https://github.com/nguyenvulong/AdvDefenseCM/assets/1311412/050ea798-31e8-4bb5-8ee9-7c496983c760

Other notes

  • Some parts of the code are for the distillation process. They are not required to reproduce the results of the current paper.
  • During experiments, we used similar settings for fair comparison.
  • The authors' upstream implementation can differ slightly from what is reported in their paper.

Full credits

  • VisuShrink denoising: https://github.com/AP-Atul/Audio-Denoising
  • sox for band-pass filter: https://sox.sourceforge.net
  • Adversarial Robustness Toolbox (ART): https://github.com/Trusted-AI/adversarial-robustness-toolbox
  • torchattacks: https://adversarial-attacks-pytorch.readthedocs.io/
  • We thank the authors of the paper "Adversarial Attacks on Spoofing Countermeasures of automatic speaker verification" for their code base of the two models LCNN and SENet. Their code base can be found here: https://github.com/ano-demo/AdvAttacksASVspoof.

  • Today (2023-11-16), I discovered a paper named "DOMPTEUR: Taming Audio Adversarial Examples" where the authors also used a similar technique to limit the frequency to 300−5000Hz. Unfortunately, my finding was too late, so I could not reference this paper in my manuscript. Even though our study was independently conducted, I would like to give a shout-out to the authors since they are way earlier than us in using this method to defend against adversarial attacks in Automatic Speech Recognition (ASR) systems. While our study is about spoofing countermeasures, the effect should be very similar if not identical.

Owner

  • Name: Long
  • Login: nguyenvulong
  • Kind: user

Citation (CITATION.cff)

cff-version: "1.2.0"
authors:
- family-names: Nguyen-Vu
  given-names: Long
  orcid: "https://orcid.org/0000-0002-7764-6235"
- family-names: Doan
  given-names: Thien-Phuc
  orcid: "https://orcid.org/0000-0001-7988-5953"
- family-names: Bui
  given-names: Mai
  orcid: "https://orcid.org/0009-0006-5953-6266"
- family-names: Hong
  given-names: Kihun
  orcid: "https://orcid.org/0000-0002-5538-3630"
- family-names: Jung
  given-names: Souhwan
  orcid: "https://orcid.org/0000-0003-2676-3412"
doi: 10.1109/ACCESS.2023.3310809
message: If you use this research, please cite it as below.
preferred-citation:
  authors:
  - family-names: Nguyen-Vu
    given-names: Long
    orcid: "https://orcid.org/0000-0002-7764-6235"
  - family-names: Doan
    given-names: Thien-Phuc
    orcid: "https://orcid.org/0000-0001-7988-5953"
  - family-names: Bui
    given-names: Mai
    orcid: "https://orcid.org/0009-0006-5953-6266"
  - family-names: Hong
    given-names: Kihun
    orcid: "https://orcid.org/0000-0002-5538-3630"
  - family-names: Jung
    given-names: Souhwan
    orcid: "https://orcid.org/0000-0003-2676-3412"
  date-published: 2023-08-31
  doi: 10.1109/ACCESS.2023.3310809
  journal: IEEE Access
  year: 2023
  publisher:
    name: IEEE Access
  title: "On the defense of spoofing countermeasures against adversarial attacks"
  type: article
  url: "https://github.com/nguyenvulong/AdvDefenseCM"
title: "On the defense of spoofing countermeasures against adversarial attacks"



GitHub Events

Total
  • Push event: 4
Last Year
  • Push event: 4

Issues and Pull Requests

Last synced: about 1 year ago

All Time
  • Total issues: 0
  • Total pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Total issue authors: 0
  • Total pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 0
  • Pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 0
  • Pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0

Dependencies

environment.yml pypi
  • appdirs ==1.4.4
  • audioread ==2.1.9
  • cached-property ==1.5.2
  • decorator ==5.1.1
  • h5py ==3.6.0
  • joblib ==1.1.0
  • librosa ==0.9.1
  • llvmlite ==0.38.0
  • numba ==0.55.1
  • packaging ==21.3
  • pandas ==1.3.5
  • pillow ==9.2.0
  • pooch ==1.6.0
  • python-dateutil ==2.8.2
  • pywavelets ==1.3.0
  • pyyaml ==5.4.1
  • resampy ==0.2.2
  • samplerate ==0.1.0
  • soundfile ==0.10.3.post1
  • spafe ==0.1.2
  • torchsummary ==1.5.1
  • tqdm ==4.63.0