Adversarial Perturbations of Physical Signals (2402.17104v1)
Abstract: We investigate the vulnerability of computer-vision-based signal classifiers to adversarial perturbations of their inputs, where the signals and perturbations are subject to physical constraints. We consider a scenario in which a source and interferer emit signals that propagate as waves to a detector, which attempts to classify the source by analyzing the spectrogram of the signal it receives using a pre-trained neural network. By solving PDE-constrained optimization problems, we construct interfering signals that cause the detector to misclassify the source even though the perturbations to the spectrogram of the received signal are nearly imperceptible. Though such problems can have millions of decision variables, we introduce methods to solve them efficiently. Our experiments demonstrate that one can compute effective and physically realizable adversarial perturbations for a variety of machine learning models under various physical conditions.
- Cohen G, Pernet S (2017) Finite Element and Discontinuous Galerkin Methods for Transient Wave Equations (Dordrecht: Springer).
- Cohen L (1995) Time–Frequency Analysis (Upper Saddle River: Prentice Hall).
- Gunzburger MD (2003) Perspectives in Flow Control and Optimization (Philadelphia: SIAM).
- Hughes TJR (2000) The Finite Element Method: Linear Static and Dynamic Finite Element Analysis (Mineola: Dover).
- LeVeque RJ (2007) Finite Difference Methods for Ordinary and Partial Differential Equations (Philadelphia: SIAM).
- Luenberger DG, Ye Y (2008) Linear and Nonlinear Programming (New York: Springer).
- Royset JO, Wets RJB (2022) An Optimization Primer (Cham: Springer).
Sponsor
Paper Prompts
Sign up for free to create and run prompts on this paper using GPT-5.
Top Community Prompts
Collections
Sign up for free to add this paper to one or more collections.