Real-Time Adversarial Attacks
Authors: Yuan Gong, Boyang Li, Christian Poellabauer, Yiyu Shi
IJCAI 2019
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | In our experiments, we test the dataset and target model mentioned in Section 3.1. The data is split as follows: we first hold out 20% of the data as the test set (test set 2) for evaluating the attack performance; so it is not seen by the target model and the attack model. We use the other 80% of the data to train the target voice recognition model; this same set is then reused to develop the attack model. |
| Researcher Affiliation | Academia | Yuan Gong, Boyang Li, Christian Poellabauer and Yiyu Shi, University of Notre Dame, {ygong1, bli1, cpoellab, yshi4}@nd.edu |
| Pseudocode | Yes | Algorithm 1 Real-time Adversarial Attack |
| Open Source Code | Yes | Corresponding code and demos are available at https://github.com/YuanGongND/realtime-adversarial-attack |
| Open Datasets | Yes | We train the voice command recognition model exactly as in the implementation of the Tensorflow example using the voice command dataset [Warden, 2018] |
| Dataset Splits | Yes | The data is split as follows: we first hold out 20% of the data as the test set (test set 2) for evaluating the attack performance; so it is not seen by the target model and the attack model. We use the other 80% of the data to train the target voice recognition model; this same set is then reused to develop the attack model. Specifically, we use 75% of this set to train the attack model (attack training set), 6.25% for validation, and 18.75% for testing (test set 1). |
| Hardware Specification | No | The paper does not provide specific hardware details (e.g., GPU/CPU models, memory amounts, or detailed computer specifications) used for running its experiments. |
| Software Dependencies | No | The paper mentions 'TensorFlow' and 'ADAM optimizer' but does not provide specific version numbers for these or any other key software dependencies. |
| Experiment Setup | Yes | We use 1e-3 as the learning rate, mean square loss, and ADAM optimizer [Kingma and Ba, 2014] for training. [...] As shown in Table 1, we use an end-to-end neural network. [...] The frequency of the speech signal (i.e., 16 kHz) is much higher than the possible update speed of the real-time adversarial perturbation generator. Therefore, we apply batch processing as mentioned in Section 2.3; specifically, the adversarial generator updates every 0.01 second and each update makes a decision on the actions for 0.01 seconds, so the delay is also 0.01 seconds. |