Isolated and Ensemble Audio Preprocessing Methods for Detecting Adversarial Examples against Automatic Speech Recognition

TL;DR

This paper investigates audio preprocessing techniques, including compression and filtering, to detect adversarial examples in speech recognition, achieving high detection accuracy and addressing security concerns in voice-based applications.

Contribution

It introduces a combined audio preprocessing defense method that effectively detects adversarial examples in speech recognition systems, improving security measures.

Findings

Achieved 93.5% precision in detecting adversarial audio

Achieved 91.2% recall in detection performance

Combined preprocessing methods outperform individual techniques

Abstract

An adversarial attack is an exploitative process in which minute alterations are made to natural inputs, causing the inputs to be misclassified by neural models. In the field of speech recognition, this has become an issue of increasing significance. Although adversarial attacks were originally introduced in computer vision, they have since infiltrated the realm of speech recognition. In 2017, a genetic attack was shown to be quite potent against the Speech Commands Model. Limited-vocabulary speech classifiers, such as the Speech Commands Model, are used in a variety of applications, particularly in telephony; as such, adversarial examples produced by this attack pose as a major security threat. This paper explores various methods of detecting these adversarial examples with combinations of audio preprocessing. One particular combined defense incorporating compressions, speech coding, filtering, and audio panning was shown to be quite effective against the attack on the Speech Commands Model, detecting audio adversarial examples with 93.5% precision and 91.2% recall.