Perception-Aware Attack Against Music Copyright Detection: Impacts and Defenses

作     者：Duan, Rui Qu, Zhe Zhao, Shangqing Ding, Leah Liu, Yao Lu, Zhuo 

作者机构：Univ Missouri Kansas City Sch Sci & Engn Kansas City MO 64110 USA Cent South Univ Sch Comp Sci & Engn Changsha 410017 Peoples R China Univ Oklahoma Sch Comp Sci Tulsa OK 74135 USA Amer Univ Dept Comp Sci Washington DC 20016 USA Univ S Florida Dept Comp Sci & Engn Tampa FL 33620 USA Univ S Florida Dept Elect Engn Tampa FL 33620 USA 

出 版 物：《IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING》 (IEEE Trans. Dependable Secure Comput.)

年 卷 期：2025年第22卷第3期

页      面：2959-2977页

核心收录：

学科分类：0808[工学-电气工程] 08[工学] 0835[工学-软件工程] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

主　　题：Multiple signal classification Perturbation methods Copyright protection Speech recognition Computational modeling Neural networks Fingerprint recognition Adversarial machine learning Web sites Video on demand Security computer audio systems applications machine learning 

摘      要：Recently, adversarial machine learning attacks have posed serious security threats against practical audio signal classification systems, including speech recognition, speaker recognition, music copyright detection. Most existing studies have mainly focused on ensuring the effectiveness of attacking an audio signal classifier via creating a noise-like perturbation on the original signal, which remains a gap in preserving the human perception of adversarial audios. This paper presents a novel perspective to create adversarial audios by integrating the human perception model into the attack formulation to generate well-perceived adversarial examples. Different from conventional approaches which primarily focused on using $L_{p}$Lp norm to preserve the audio quality, we adopt a human study to understand how human participants react to different types of music perturbations, build a Siamese Neural Network (SNN) based model to characterize the human perception. The new findings of the human perception study guide us to formulate a new computationally efficient, multiple-feature-based perception-aware (CEMF-PA) attack, which manipulates different audio signal features to find an optimal perturbed music signal against music copyright detection. This novel attack vector opens a new door to generating highly effective, well-perceived adversarial audio signals via manipulating the auditory features. Experimental results show that the proposed attack is effective against YouTube s copyright detection. Finally, we propose the defense strategy design to make the copyright detection more robust to adversarial music signals generated by the CEMF-PA attack.