• Corpus ID: 52891543

Characterizing Audio Adversarial Examples Using Temporal Dependency

@article{Yang2019CharacterizingAA,
  title={Characterizing Audio Adversarial Examples Using Temporal Dependency},
  author={Zhuolin Yang and Bo Li and Pin-Yu Chen and Dawn Xiaodong Song},
  journal={ArXiv},
  year={2019},
  volume={abs/1809.10875}
}
Recent studies have highlighted adversarial examples as a ubiquitous threat to different neural network models and many downstream applications. […] Key Result: Our results not only show promising means of improving the robustness of ASR systems, but also offer novel insights in exploiting domain-specific data properties to mitigate negative effects of adversarial examples.

Generating Robust Audio Adversarial Examples with Temporal Dependency
TLDR
A new Iterative Proportional Clipping (IPC) algorithm is proposed that preserves temporal dependency in audios for generating more robust adversarial examples and can significantly reduce human-perceptible noises and resist the defenses based on the temporal structure.
WaveGuard: Understanding and Mitigating Audio Adversarial Examples
TLDR
WaveGuard is introduced: a framework for detecting adversarial inputs that are crafted to attack ASR systems and empirically demonstrates that audio transformations that recover audio from perceptually informed representations can lead to a strong defense that is robust against an adaptive adversary even in a complete whitebox setting.
Defending and Detecting Audio Adversarial Example using Frame Offsets
TLDR
By analyzing the characteristics of ASR systems, it is found that frame offsets with a silence clip appended at the beginning of an audio can degenerate adversarial perturbations to normal noise and can defend against audio adversarial examples in a simpler, more generic and efficient way.
Adversarial Audio Attacks that Evade Temporal Dependency
  • Heng Liu, G. Ditzler
  • Computer Science
    2020 IEEE Symposium Series on Computational Intelligence (SSCI)
  • 2020
TLDR
The LSTM model for audio transcription is revisited and a new audio attack algorithm that evades the TD-based detection by explicitly controlling the TD in generated adversarial audios is proposed.
Detecting Adversarial Audio via Activation Quantization Error
  • Heng Liu, G. Ditzler
  • Computer Science
    2020 International Joint Conference on Neural Networks (IJCNN)
  • 2020
TLDR
A separate and yet related DNN technique is incorporated to detect adversarial audio, namely model quantization, and it is demonstrated that adversarial audio typically exhibits a larger activation quantization error than benign audio.
Detecting Audio Adversarial Examples with Logit Noising
TLDR
This paper proposes a novel method to detect audio adversarial examples by adding noise to the logits before feeding them into the decoder of the ASR, and shows that carefully selected noise can significantly impact the transcription results of the audio adversarial examples, whereas it has minimal impact on the transcription results of benign audio waves.
A Unified Framework for Detecting Audio Adversarial Examples
TLDR
A unified adversarial detection framework for detecting adaptive audio adversarial examples, which combines noise padding with sound reverberation, is proposed; it consistently outperforms the state-of-the-art audio defense methods, even for the adaptive and robust attacks.
Towards Resistant Audio Adversarial Examples
TLDR
This work finds that due to flaws in the generation process, state-of-the-art adversarial example generation methods cause overfitting because of the binning operation in the target speech recognition system (e.g., Mozilla Deepspeech), and devise an approach to mitigate this flaw, which improves generation of adversarial examples with varying offsets.
GENERATING ROBUST AUDIO ADVERSARIAL EXAM-
TLDR
A new approach to generate adversarial audios using Iterative Proportional Clipping (IPC), which exploits temporal dependency in original audios to significantly limit human-perceptible noise and can bypass temporal dependency based defense mechanisms.
Adversarial attack on Speech-to-Text Recognition Models
TLDR
This paper introduces the first study of weighted-sampling audio adversarial examples, specifically focusing on the factor of the numbers and the positions of distortion to reduce the search space, and proposes a new attack scenario, audio injection attack, which offers some novel insights in the concealment of adversarial attack.

References

SHOWING 1-10 OF 38 REFERENCES
MagNet: A Two-Pronged Defense against Adversarial Examples
TLDR
MagNet, a framework for defending neural network classifiers against adversarial examples, is proposed and it is shown empirically that MagNet is effective against the most advanced state-of-the-art attacks in blackbox and graybox scenarios without sacrificing false positive rate on normal examples.
EAD: Elastic-Net Attacks to Deep Neural Networks via Adversarial Examples
TLDR
The authors' elastic-net attacks to DNNs (EAD) feature L1-oriented adversarial examples and include the state-of-the-art L2 attack as a special case, suggesting novel insights on leveraging L1 distortion in adversarial machine learning and security implications of DNNs.
Delving into Transferable Adversarial Examples and Black-box Attacks
TLDR
This work is the first to conduct an extensive study of the transferability over large models and a large scale dataset, and it is also the first to study the transferability of targeted adversarial examples with their target labels.
Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks
TLDR
Two feature squeezing methods are explored: reducing the color bit depth of each pixel and spatial smoothing, which are inexpensive and complementary to other defenses, and can be combined in a joint detection framework to achieve high detection rates against state-of-the-art attacks.
Using Non-invertible Data Transformations to Build Adversarial-Robust Neural Networks
TLDR
A unifying framework for protecting deep neural models using a non-invertible data transformation--developing two adversary-resilient architectures utilizing both linear and nonlinear dimensionality reduction is presented.
Did you hear that? Adversarial Examples Against Automatic Speech Recognition
TLDR
A first of its kind demonstration of adversarial attacks against speech classification model by adding small background noise without having to know the underlying model parameter and architecture is presented.
Towards Evaluating the Robustness of Neural Networks
TLDR
It is demonstrated that defensive distillation does not significantly increase the robustness of neural networks, and three new attack algorithms are introduced that are successful on both distilled and undistilled neural networks with 100% probability.
Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods
TLDR
It is concluded that adversarial examples are significantly harder to detect than previously appreciated, and the properties believed to be intrinsic to adversarial examples are in fact not.
A study of the effect of JPG compression on adversarial images
TLDR
It is found that JPG compression often reverses the drop in classification accuracy to a large extent, but not always, and as the magnitude of the perturbations increases, JPG recompression alone is insufficient to reverse the effect.
Invariant Representations for Noisy Speech Recognition
TLDR
This work focuses on investigating neural architectures which produce representations invariant to noise conditions for ASR, and evaluates the proposed architecture on the Aurora-4 task, a popular benchmark for noise robust ASR.