TL;DR
This paper introduces a black-box method for generating targeted adversarial examples against audio transcription systems, combining genetic algorithms and gradient estimation to effectively fool deep speech recognition models.
Contribution
It presents a novel black-box attack technique that does not require knowledge of model parameters, achieving high success rates in fooling ASR systems.
Findings
89.25% targeted attack similarity after 3000 generations
94.6% audio file similarity maintained
Effective black-box adversarial attack method
Abstract
The application of deep recurrent networks to audio transcription has led to impressive gains in automatic speech recognition (ASR) systems. Many have demonstrated that small adversarial perturbations can fool deep neural networks into incorrectly predicting a specified target with high confidence. Current work on fooling ASR systems have focused on white-box attacks, in which the model architecture and parameters are known. In this paper, we adopt a black-box approach to adversarial generation, combining the approaches of both genetic algorithms and gradient estimation to solve the task. We achieve a 89.25% targeted attack similarity after 3000 generations while maintaining 94.6% audio file similarity.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
