Vulnerabilities in Machine Learning-Based Voice Disorder Detection Systems

TL;DR

This paper implements various attack methods, including adversarial, evasion, and pitching techniques, and evaluates how state-of-the-art disorder detection models respond to them to identify the most effective attack strategies.

Abstract

The impact of voice disorders is becoming more widely acknowledged as a public health issue. Several machine learning-based classifiers with the potential to identify disorders have been used in recent studies to differentiate between normal and pathological voices and sounds. In this paper, we focus on analyzing the vulnerabilities of these systems by exploring the possibility of attacks that can reverse classification and compromise their reliability. Given the critical nature of personal health information, understanding which types of attacks are effective is a necessary first step toward improving the security of such systems. Starting from the original audios, we implement various attack methods, including adversarial, evasion, and pitching techniques, and evaluate how state-of-the-art disorder detection models respond to them. Our findings identify the most effective attack strategies, underscoring the need to address these vulnerabilities in machine-learning systems used in the healthcare domain.

Figures (6)

• Figure 1: High-level diagram of attacks for voice disorder detection systems.
• Figure 2: Results of tone-based evasion attacks.
• Figure 3: Results of the pitch-based evasion attacks.
• Figure 4: Results of PGD and FGSM attacks, using different $\varepsilon$ values.
• Figure 5: Boxplots of scores for snippets of correctly classified files obtained with mel-spectrogram-based classifiers on the HUPA dataset. The boxplots compare the scores from the original unperturbed snippets (pathol and normal) with those subjected to black-box and white-box attacks.