With recent developments in machine learning models and their impressive performance on speech recognition tasks, human-computer interaction is becoming increasingly reliant on speech communication. However, these models can be fooled by "adversarial" attacks that deliberately modify the input to induce a false prediction, without the changes being noticeable to human listeners.
Identifying such flaws in a model or system is critical. While much research has concentrated on developing novel strategies for crafting adversarial perturbations, far less attention has been paid to the factors that determine whether humans can perceive those perturbations. This matters because the proposed adversarial perturbation techniques are only dangerous if the perturbations remain undetectable to humans.
When an adversarial perturbation is applied to the input of an audio classification model, the model may hear 'no,' or some other command it was never meant to execute. Such attacks therefore have severe consequences when these technologies are applied to real-world or highly sensitive tasks. However, the explanation for why these perturbations go unnoticed by humans remains poorly understood.
Researchers from the University of the Basque Country conducted a study to investigate how accurately the distortion metrics proposed in the audio adversarial literature quantify the human perception of perturbations. In an experiment in which 36 people rated audio perturbations along several criteria, the researchers demonstrated that the conventional metrics are not entirely reliable. In other words, they do not adequately model human auditory perception.
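Distortion metrics commonly used in this literature include the signal-to-noise ratio of the perturbation relative to the clean audio and per-sample norms such as the L-infinity distance. The sketch below illustrates two such metrics; it is a minimal, generic example of how these quantities are typically computed, not the exact evaluation used in the study.

```python
import numpy as np

def perturbation_snr_db(clean, perturbed):
    """Signal-to-noise ratio (in dB) of the clean signal relative to the
    added perturbation. Higher values suggest a less audible perturbation
    under this metric."""
    clean = np.asarray(clean, dtype=float)
    noise = np.asarray(perturbed, dtype=float) - clean
    return 10.0 * np.log10(np.sum(clean ** 2) / np.sum(noise ** 2))

def perturbation_linf(clean, perturbed):
    """Maximum absolute per-sample change (L-infinity norm)."""
    diff = np.asarray(perturbed, dtype=float) - np.asarray(clean, dtype=float)
    return float(np.max(np.abs(diff)))

# Toy example: a small random perturbation added to a 440 Hz sine wave.
t = np.linspace(0.0, 1.0, 16000, endpoint=False)
clean = np.sin(2 * np.pi * 440.0 * t)
rng = np.random.default_rng(0)
perturbed = clean + 0.001 * rng.standard_normal(clean.shape)

snr = perturbation_snr_db(clean, perturbed)   # high SNR: barely audible
linf = perturbation_linf(clean, perturbed)    # tiny per-sample change
```

The study's point is that a perturbation can score well on metrics like these yet still be detectable to listeners, because such global measures ignore where in the audio the energy is placed.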
Furthermore, the researchers proposed a more robust evaluation method based on analyzing specific properties of the audio that are relevant to detectability, such as the parts of the signal in which a perturbation is most easily noticed.