Journal
KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS
Volume 15, Issue 4, Pages 1538-1552Publisher
KSII-KOR SOC INTERNET INFORMATION
DOI: 10.3837/tiis.2021.04.019
Keywords
Speech Recognition Safety; Adversarial Defense; Adversarial Detection; Audio Adversarial Example; ASR
Ask authors/readers for more resources
This study focuses on countermeasures against audio adversarial examples, finding that frame offsets with silence clip appended at the beginning of an audio can degenerate adversarial perturbations to normal noise. Different strategies like defending, detecting, and hybrid strategies are proposed to exploit frame offsets for various scenarios, offering a simpler, more generic, and efficient defense method against audio adversarial examples.
Machine learning models are vulnerable to adversarial examples generated by adding a deliberately designed perturbation to a benign sample. Particularly, for automatic speech recognition (ASR) system, a benign audio which sounds normal could be decoded as a harmful command due to potential adversarial attacks. In this paper, we focus on the countermeasures against audio adversarial examples. By analyzing the characteristics of ASR systems, we find that frame offsets with silence clip appended at the beginning of an audio can degenerate adversarial perturbations to normal noise. For various scenarios, we exploit frame offsets by different strategies such as defending, detecting and hybrid strategy. Compared with the previous methods, our proposed method can defense audio adversarial example in a simpler, more generic and efficient way. Evaluated on three state-of-the-arts adversarial attacks against different ASR systems respectively, the experimental results demonstrate that the proposed method can effectively improve the robustness of ASR systems.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available