Detecting Audio Attacks on ASR Systems with Dropout Uncertainty
Tejas Jayashankar, Jonathan Le Roux, Pierre Moulin
TL;DR
This paper introduces a novel defense mechanism for ASR systems that leverages dropout-induced uncertainty to detect various adversarial audio attacks, demonstrating high accuracy across multiple datasets.
Contribution
The study presents a dropout-based uncertainty method to effectively detect adversarial audio attacks on end-to-end ASR systems, including robust detection against noise-reduction immune attacks.
Findings
High detection accuracy on Mozilla CommonVoice dataset
Effective against optimized perturbation and frequency masking attacks
Robust detection even for noise reduction immune attacks
Abstract
Various adversarial audio attacks have recently been developed to fool automatic speech recognition (ASR) systems. We here propose a defense against such attacks based on the uncertainty introduced by dropout in neural networks. We show that our defense is able to detect attacks created through optimized perturbations and frequency masking on a state-of-the-art end-to-end ASR system. Furthermore, the defense can be made robust against attacks that are immune to noise reduction. We test our defense on Mozilla's CommonVoice dataset, the UrbanSound dataset, and an excerpt of the LibriSpeech dataset, showing that it achieves high detection accuracy in a wide range of scenarios.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
MethodsDropout