AdvDefenseCM

Change Log

  • 2023-11-16 Additional Note
  • 2023-09-01 Accepted & Early Access
  • 2023-08-03 MI-FGSM, SNR measurement added
  • 2023-07-27 First Decision: Major revision
  • 2023-07-09 Submitted to IEEE Access

Introduction

This repository implements the paper "On the Defense of Spoofing Countermeasures against Adversarial Attacks". It is our attempt to defend against FGSM and PGD attacks using band-pass filtering and VisuShrink denoising. We made several changes to the base repository; please refer to the full credits below.

Installation

conda env create -f env.yml

Make sure to resolve any problems regarding dependencies.

Usage

We have refactored the codebase so that it can be run step by step, but make sure to modify the files in the_config/ folder and the code arguments below. The two augmentation techniques should be run independently for the two experiments. Make sure to set aside 1 TB (one terabyte) of disk space for a complete experiment. Otherwise, one can run an attack on a single model (for example, an FGSM attack on an LCNN occupies 150 GB of disk space).

Evaluation

Audio samples

GitHub does not allow embedding audio content, so I had to use mp4 embedding instead. Make sure to turn on the speaker buttons below.

The band-pass filter has the strongest effect of removing noise from the original audio, whereas the adversarial sample does not necessarily have noisier output.

Original sample

LA_E_1239941_original.mp4

Adversarial sample

LA_E_1239941_adv.mp4

Denoised sample

LA_E_1239941_denoised.mp4

Bandpassed sample

LA_E_1239941_bandpassed.mp4
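
An added sketch, not code from this repository or the paper, of why band-pass filtering raises the SNR of a sign-bounded perturbation: the perturbation's energy is spread over the whole spectrum and only the passband share survives. The 16 kHz rate, the 300-3400 Hz passband, the test tones and the random-sign stand-in for eps * sign(gradient) are all assumptions.

```python
import cmath, math, random

FS = 16000          # sample rate in Hz (assumed)
N = 1024            # frame length, power of two for the radix-2 FFT
LOW_HZ, HIGH_HZ = 300.0, 3400.0   # assumed passband, not the paper's setting

def fft(x, inverse=False):
    """Recursive radix-2 FFT (unnormalised); len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return list(x)
    even, odd = fft(x[0::2], inverse), fft(x[1::2], inverse)
    sign = 1 if inverse else -1
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(sign * 2j * math.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out

def bandpass(x, low=LOW_HZ, high=HIGH_HZ, fs=FS):
    """Brick-wall band-pass: zero every FFT bin outside [low, high]."""
    n = len(x)
    spec = fft(x)
    for k in range(n):
        f = min(k, n - k) * fs / n      # bin frequency, mirrored half folded
        if not low <= f <= high:
            spec[k] = 0j
    return [v.real / n for v in fft(spec, inverse=True)]

def snr_db(clean, test):
    """SNR of `test` measured against the clean reference, in dB."""
    sig = sum(c * c for c in clean)
    err = sum((t - c) ** 2 for c, t in zip(clean, test))
    return 10 * math.log10(sig / err)

def demo(eps=0.05, seed=0):
    rng = random.Random(seed)
    # Constructed signal: two in-band tones on exact FFT bins (500 Hz, 1 kHz).
    clean = [0.5 * math.sin(2 * math.pi * 500 * i / FS)
             + 0.5 * math.sin(2 * math.pi * 1000 * i / FS) for i in range(N)]
    # Stand-in for eps * sign(gradient): random signs, since no model is loaded.
    adv = [c + eps * rng.choice((-1.0, 1.0)) for c in clean]
    return snr_db(clean, adv), snr_db(clean, bandpass(adv))

if __name__ == "__main__":
    before, after = demo()
    print(f"SNR adversarial: {before:.1f} dB, after band-pass: {after:.1f} dB")
```

The part of a perturbation that lies inside the passband is returned unchanged, so the gain shown here depends on how much of the perturbation's energy falls outside it.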

Other notes

  • Some parts of the code are for the distillation process. They are not required to reproduce the results of the current paper.
  • During experiments, we used similar settings for a fair comparison.
  • The authors' upstream implementation can differ slightly from what is reported in their paper.

Full credits