Defending a Music Recommender Against Hubness-Based Adversarial Attacks

Katharina Hoedt; Arthur Flexer; Gerhard Widmer

Defending a Music Recommender Against Hubness-Based Adversarial Attacks

Institute of Computational Perception

Research output: Chapter in Book/Report/Conference proceeding › Conference proceedings › peer-review

Abstract

Adversarial attacks can drastically degrade performance of recommenders and other machine learning systems, resulting in an increased demand for defence mechanisms. We present a new line of defence against attacks which exploit a vulnerability of recommenders that operate in high dimensional data spaces (the so-called hubness problem). We use a global data scaling method, namely Mutual Proximity (MP), to defend a real-world music recommender which previously was susceptible to attacks that inflated the number of times a particular song was recommended. We find that using MP as a defence greatly increases robustness of the recommender against a range of attacks, with success rates of attacks around 44% (before defence) dropping to less than 6% (after defence). Additionally, adversarial examples still able to fool the defended system do so at the price of noticeably lower audio quality as shown by a decreased average SNR.

Original language	English
Title of host publication	Proceedings of the Sound and Music Computing Conference (SMC 2022)
Editors	Romain Michon, Laurent Pottier, Yann Orlarey
Pages	389-394
Number of pages	6
ISBN (Electronic)	9782958412609
Publication status	Published - Jun 2022

Publication series

Name	Proceedings of the Sound and Music Computing Conferences
ISSN (Electronic)	2518-3672

Fields of science

202002 Audiovisual media
102 Computer Sciences
102001 Artificial intelligence
102003 Image processing
102015 Information systems

JKU Focus areas

Digital Transformation

Cite this

@inproceedings{88514a203f144e7aa711135aee2ab4da,

title = "Defending a Music Recommender Against Hubness-Based Adversarial Attacks",

abstract = "Adversarial attacks can drastically degrade performance of recommenders and other machine learning systems, resulting in an increased demand for defence mechanisms. We present a new line of defence against attacks which exploit a vulnerability of recommenders that operate in high dimensional data spaces (the so-called hubness problem). We use a global data scaling method, namely Mutual Proximity (MP), to defend a real-world music recommender which previously was susceptible to attacks that inflated the number of times a particular song was recommended. We find that using MP as a defence greatly increases robustness of the recommender against a range of attacks, with success rates of attacks around 44\% (before defence) dropping to less than 6\% (after defence). Additionally, adversarial examples still able to fool the defended system do so at the price of noticeably lower audio quality as shown by a decreased average SNR.",

author = "Katharina Hoedt and Arthur Flexer and Gerhard Widmer",

year = "2022",

month = jun,

language = "English",

series = "Proceedings of the Sound and Music Computing Conferences",

pages = "389--394",

editor = "Romain Michon and Laurent Pottier and Yann Orlarey",

booktitle = "Proceedings of the Sound and Music Computing Conference (SMC 2022)",

}

Defending a Music Recommender Against Hubness-Based Adversarial Attacks. / Hoedt, Katharina ; Flexer, Arthur ; Widmer, Gerhard.
Proceedings of the Sound and Music Computing Conference (SMC 2022). ed. / Romain Michon; Laurent Pottier; Yann Orlarey. 2022. p. 389-394 (Proceedings of the Sound and Music Computing Conferences).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceedings › peer-review

TY - GEN

T1 - Defending a Music Recommender Against Hubness-Based Adversarial Attacks

AU - Hoedt, Katharina

AU - Flexer, Arthur

AU - Widmer, Gerhard

PY - 2022/6

Y1 - 2022/6

N2 - Adversarial attacks can drastically degrade performance of recommenders and other machine learning systems, resulting in an increased demand for defence mechanisms. We present a new line of defence against attacks which exploit a vulnerability of recommenders that operate in high dimensional data spaces (the so-called hubness problem). We use a global data scaling method, namely Mutual Proximity (MP), to defend a real-world music recommender which previously was susceptible to attacks that inflated the number of times a particular song was recommended. We find that using MP as a defence greatly increases robustness of the recommender against a range of attacks, with success rates of attacks around 44% (before defence) dropping to less than 6% (after defence). Additionally, adversarial examples still able to fool the defended system do so at the price of noticeably lower audio quality as shown by a decreased average SNR.

AB - Adversarial attacks can drastically degrade performance of recommenders and other machine learning systems, resulting in an increased demand for defence mechanisms. We present a new line of defence against attacks which exploit a vulnerability of recommenders that operate in high dimensional data spaces (the so-called hubness problem). We use a global data scaling method, namely Mutual Proximity (MP), to defend a real-world music recommender which previously was susceptible to attacks that inflated the number of times a particular song was recommended. We find that using MP as a defence greatly increases robustness of the recommender against a range of attacks, with success rates of attacks around 44% (before defence) dropping to less than 6% (after defence). Additionally, adversarial examples still able to fool the defended system do so at the price of noticeably lower audio quality as shown by a decreased average SNR.

UR - https://www.scopus.com/pages/publications/85137731983

M3 - Conference proceedings

T3 - Proceedings of the Sound and Music Computing Conferences

SP - 389

EP - 394

BT - Proceedings of the Sound and Music Computing Conference (SMC 2022)

A2 - Michon, Romain

A2 - Pottier, Laurent

A2 - Orlarey, Yann

ER -

Defending a Music Recommender Against Hubness-Based Adversarial Attacks

Abstract

Publication series

Fields of science

JKU Focus areas

Other files and links

Cite this