Defending and Detecting Audio Adversarial Example using Frame Offsets

Machine learning models are vulnerable to adversarial examples generated by adding a deliberately designed perturbation to a benign sample. Particularly, for automatic speech recognition (ASR) system, a benign audio which sounds normal could be decoded as a harmful command due to potential adversarial attacks. In this paper, we focus on the countermeasures against audio adversarial examples. By analyzing the characteristics of ASR systems, we find that frame offsets with silence clip appended at the beginning of an audio can degenerate adversarial perturbations to normal noise. For various scenarios, we exploit frame offsets by different strategies such as defending, detecting and hybrid strategy. Compared with the previous methods, our proposed method can defense audio adversarial example in a simpler, more generic and efficient way. Evaluated on three state-of-the-arts adversarial attacks against different ASR systems respectively, the experimental results demonstrate that the proposed method can effectively improve the robustness of ASR systems.

Automated summary

This study focuses on countermeasures against audio adversarial examples, finding that frame offsets with silence clip appended at the beginning of an audio can degenerate adversarial perturbations to normal noise. Different strategies like defending, detecting, and hybrid strategies are proposed to exploit frame offsets for various scenarios, offering a simpler, more generic, and efficient defense method against audio adversarial examples.