Identifying Audio Adversarial Examples via Anomalous Pattern Detection

Akinwande, Victor; Cintas, Celia; Speakman, Skyler; Sridharan, Srihari

doi:10.48550/arxiv.2002.05463

Cited by 2 publications

(3 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We chose these to cover possible real world settings where ASR systems are employed and may be exposed to adversarial attacks, and these noise files are readily available online, making the experiments reproducible. We mix noise with speech at [0, 5,10,15,20] dB SNR levels.…”

Section: E Detection In Noisy Environmentsmentioning

confidence: 99%

“…The works in [11,12,13,14] defend against audio adversarial attacks by preprocessing a speech signal prior to passing it onto the ASR system. An unsupervised method with no need for labelled attacks is presented in [15], where the defence is realised using anomalous pattern detection. Rather than detecting adversarial examples, the work in [16] characterises them using temporal dependencies.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Leveraging Domain Features for Detecting Adversarial Attacks Against Deep Speech Recognition in Noise

Nielsen

2023

IEEE Open J. Signal Process.

View full text Add to dashboard Cite

In recent years, significant progress has been made in deep model-based automatic speech recognition (ASR), leading to its widespread deployment in the real world. At the same time, adversarial attacks against deep ASR systems are highly successful. Various methods have been proposed to defend ASR systems from these attacks. However, existing classification based methods focus on the design of deep learning models while lacking exploration of domain specific features. This work leverages filter bank-based features to better capture the characteristics of attacks for improved detection. Furthermore, the paper analyses the potentials of using speech and non-speech parts separately in detecting adversarial attacks. In the end, considering adverse environments where ASR systems may be deployed, we study the impact of acoustic noise of various types and signal-to-noise ratios. Extensive experiments show that the inverse filter bank features generally perform better in both clean and noisy environments, the detection is effective using either speech or non-speech part, and the acoustic noise can largely degrade the detection performance.

show abstract

Section: E Detection In Noisy Environmentsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Leveraging Domain Features for Detecting Adversarial Attacks Against Deep Speech Recognition in Noise

Nielsen

2023

IEEE Open J. Signal Process.

View full text Add to dashboard Cite

show abstract

“…Target Generality Knowledge [8], [15], [24], [38], [43], [63], [64], [73], [120], [124] Before Sensor Universal None [7], [31], [36], [45], [49], [61], [87], [88], [93], [103], [110], [140], [141], [145], [147] Between Sensor and ASR Specific Partial [105], [106], [122], [123], [133] Inside ASR Specific Full perturbation cancellation [36], [45], [49], [110], adding distortion [61], [87], [103], signal smoothing [45], audio compression [31], [88], [147]) to destruct the adversarial perturbation (if any) to protect ASR systems. Other works apply an extra detection network [7], [46], [93], [140], [141] or multi-model detection mechanism [145]. However, those defense s...…”

Section: Defensementioning

confidence: 99%

SoK: A Modularized Approach to Study the Security of Automatic Speech Recognition Systems

Chen¹,

Zhang²,

Yuan³

et al. 2021

Preprint

View full text Add to dashboard Cite

With the wide use of Automatic Speech Recognition (ASR) in applications such as human machine interaction, simultaneous interpretation, audio transcription, etc., its security protection becomes increasingly important. Although recent studies have brought to light the weaknesses of popular ASR systems that enable out-of-band signal attack, adversarial attack, etc., and further proposed various remedies (signal smoothing, adversarial training, etc.), a systematic understanding of ASR security (both attacks and defenses) is still missing, especially on how realistic such threats are and how general existing protection could be. In this paper, we present our systematization of knowledge for ASR security and provide a comprehensive taxonomy for existing work based on a modularized workflow. More importantly, we align the research in this domain with that on security in Image Recognition System (IRS), which has been extensively studied, using the domain knowledge in the latter to help understand where we stand in the former. Generally, both IRS and ASR are perceptual systems. Their similarities allow us to systematically study existing literature in ASR security based on the spectrum of attacks and defense solutions proposed for IRS, and pinpoint the directions of more advanced attacks and the directions potentially leading to more effective protection in ASR. In contrast, their differences, especially the complexity of ASR compared with IRS, help us learn unique challenges and opportunities in ASR security. Particularly, our experimental study shows that transfer attacks across ASR models is feasible, even in the absence of knowledge about models (even their types) and training data.

show abstract

Identifying Audio Adversarial Examples via Anomalous Pattern Detection

Cited by 2 publications

References 20 publications

Leveraging Domain Features for Detecting Adversarial Attacks Against Deep Speech Recognition in Noise

Leveraging Domain Features for Detecting Adversarial Attacks Against Deep Speech Recognition in Noise

SoK: A Modularized Approach to Study the Security of Automatic Speech Recognition Systems

Contact Info

Product

Resources

About