On the human evaluation of audio adversarial examples

Vadillo, Jon; Santana, Roberto

doi:10.48550/arxiv.2001.08444

Cited by 2 publications

(3 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(Means and SDs differed across the experiments, with Experiment 2 yielding worse overall performance but less variance and more included subjects.) 9 We note that Vadillo and Santana (2020) also demonstrate that subjects found some adversarial stimuli to be less natural than nonadversarial stimuli. This difference is more in line with the present work, as it demonstrates subjects' perception of specific differences between clips that may signal that the stimuli contain an adversarial attack.…”

Section: Open Research Badgesmentioning

confidence: 71%

“…The present work also joins other projects that have begun to explore similar themes. For example, Vadillo and Santana (2020) use adversarial speech stimuli consisting of regular audio overlaid with specific noise patterns that cause a speech recognition system to misclassify the audio clips. These authors also advocate for careful human subjects testing before describing an adversarial audio attack as "imperceptible," though their studies primarily focus on the more basic capacity to distinguish clips containing adversarial attacks from normal clips.…”

Section: Psychophysically Inspiredmentioning

confidence: 99%

See 1 more Smart Citation

Can You Hear Me Now? Sensitive Comparisons of Human and Machine Perception

Lepori¹,

Firestone²

2022

Cognitive Science

View full text Add to dashboard Cite

The rise of machine‐learning systems that process sensory input has brought with it a rise in comparisons between human and machine perception. But such comparisons face a challenge: Whereas machine perception of some stimulus can often be probed through direct and explicit measures, much of human perceptual knowledge is latent, incomplete, or unavailable for explicit report. Here, we explore how this asymmetry can cause such comparisons to misestimate the overlap in human and machine perception. As a case study, we consider human perception of adversarial speech — synthetic audio commands that are recognized as valid messages by automated speech‐recognition systems but that human listeners reportedly hear as meaningless noise. In five experiments, we adapt task designs from the human psychophysics literature to show that even when subjects cannot freely transcribe such speech commands (the previous benchmark for human understanding), they can sometimes demonstrate other forms of understanding, including discriminating adversarial speech from closely matched nonspeech (Experiments 1 and 2), finishing common phrases begun in adversarial speech (Experiments 3 and 4), and solving simple math problems posed in adversarial speech (Experiment 5) — even for stimuli previously described as unintelligible to human listeners. We recommend the adoption of such “sensitive tests” when comparing human and machine perception, and we discuss the broader consequences of such approaches for assessing the overlap between systems.

show abstract

Section: Open Research Badgesmentioning

confidence: 71%

Section: Psychophysically Inspiredmentioning

confidence: 99%

Can You Hear Me Now? Sensitive Comparisons of Human and Machine Perception

Lepori¹,

Firestone²

2022

Cognitive Science

View full text Add to dashboard Cite

show abstract

“…Research in this area could help building more effective adversarial example studies. We notice that there is a recent work [93] developing this area.…”

Section: Discussionmentioning

confidence: 99%

Personal Voice Assistant Security and Privacy—A Survey

Cheng

Roedig

2022

Proc. IEEE

View full text Add to dashboard Cite

Personal voice assistants (PVAs) are increasingly used as interfaces to digital environments. Voice commands are used to interact with phones, smart homes, or cars. In the United States alone, the number of smart speakers, such as Amazon's Echo and Google Home, has grown by 78% to 118.5 million, and 21% of the U.S. population own at least one device. Given the increasing dependency of society on PVAs, security and privacy of these have become a major concern of users, manufacturers, and policy makers. Consequently, a steep increase in research efforts addressing security and privacy of PVAs can be observed in recent years. While some security and privacy research applicable to the PVA domain predates their recent increase in popularity, many new research strands have emerged. This article provides a survey of the state of the art in PVA security and privacy. The focus of this work is on the security and privacy challenges arising from the use of the acoustic channel. Work that describes both attacks and countermeasures is discussed. We highlight established areas such as voice authentication (VA) and new areas such as acoustic Denial of Service (DoS) that deserve more attention. This survey describes research areas where the threat is relatively well understood but where countermeasures are lacking, for example, in the area of hidden voice commands. We also discuss work that looks at privacy implications; for example, work on management of recording Manuscript

show abstract

On the human evaluation of audio adversarial examples

Cited by 2 publications

References 34 publications

Can You Hear Me Now? Sensitive Comparisons of Human and Machine Perception

Can You Hear Me Now? Sensitive Comparisons of Human and Machine Perception

Personal Voice Assistant Security and Privacy—A Survey

Contact Info

Product

Resources

About