ADAGIO: Interactive Experimentation with Adversarial Attack and Defense for Audio

TL;DR

ADAGIO is an interactive tool enabling real-time experimentation with adversarial attacks and defenses on speech recognition models, demonstrating effective defense techniques based on psychoacoustic principles that significantly reduce attack success.

Contribution

This paper introduces ADAGIO, the first interactive platform for real-time adversarial attack and defense experimentation on ASR models, incorporating psychoacoustic-based defense methods.

Findings

AMR and MP3 compression reduce attack success from 92.5% to 0%

ADAGIO allows visual and auditory exploration of attacks and defenses

Effective defense techniques based on psychoacoustics are demonstrated

Abstract

Adversarial machine learning research has recently demonstrated the feasibility to confuse automatic speech recognition (ASR) models by introducing acoustically imperceptible perturbations to audio samples. To help researchers and practitioners gain better understanding of the impact of such attacks, and to provide them with tools to help them more easily evaluate and craft strong defenses for their models, we present ADAGIO, the first tool designed to allow interactive experimentation with adversarial attacks and defenses on an ASR model in real time, both visually and aurally. ADAGIO incorporates AMR and MP3 audio compression techniques as defenses, which users can interactively apply to attacked audio samples. We show that these techniques, which are based on psychoacoustic principles, effectively eliminate targeted attacks, reducing the attack success rate from 92.5% to 0%. We will demonstrate ADAGIO and invite the audience to try it on the Mozilla Common Voice dataset.