On End-to-End White-Box Adversarial Attacks in Music Information Retrieval

Katharina Prinz; Arthur Flexer; Gerhard Widmer

doi:10.5334/tismir.85

Transactions of the International Society for Music Information Retrieval (Jul 2021)

On End-to-End White-Box Adversarial Attacks in Music Information Retrieval

Katharina Prinz,
Arthur Flexer,
Gerhard Widmer

Affiliations

Katharina Prinz: Johannes Kepler University Linz
Arthur Flexer: Johannes Kepler University Linz
Gerhard Widmer: Johannes Kepler University Linz

DOI: https://doi.org/10.5334/tismir.85
Journal volume & issue: Vol. 4, no. 1

Abstract

Read online

Small adversarial perturbations of input data can drastically change the performance of machine learning systems, thereby challenging their validity. We compare several adversarial attacks targeting an instrument classifier, where for the first time in Music Information Retrieval (MIR) the perturbations are computed directly on the waveform. The attacks can reduce the accuracy of the classifier significantly, while at the same time keeping perturbations almost imperceptible. Furthermore, we show the potential of adversarial attacks being a security issue in MIR by artificially boosting playcounts through an attack on a real-world music recommender system.

Published in Transactions of the International Society for Music Information Retrieval

ISSN: 2514-3298 (Online)
Publisher: Ubiquity Press
Country of publisher: United Kingdom
LCC subjects: Technology: Technology (General): Industrial engineering. Management engineering: Information technology; Music and books on Music: Music
Website: https://transactions.ismir.net/

About the journal

Abstract

Keywords