Cyclic Defense GAN Against Speech Adversarial Attacks
Mohammad Esmaeilpour, Patrick Cardinal, Alessandro Lameiras Koerich

TL;DR
This paper introduces a cyclic GAN-based defense mechanism that reconstructs speech signals to counteract adversarial attacks on speech-to-text systems, showing effectiveness against various attack algorithms.
Contribution
It presents a novel cyclic GAN framework for implicit reactive defense in speech recognition, avoiding direct manipulation of malicious inputs.
Findings
Effective against white-box and black-box attacks
Improves robustness of speech-to-text models
Validated on DeepSpeech, Kaldi, and Lingvo
Abstract
This paper proposes a new defense approach for counteracting state-of-the-art white and black-box adversarial attack algorithms. Our approach fits into the implicit reactive defense algorithm category since it does not directly manipulate the potentially malicious input signals. Instead, it reconstructs a similar signal with a synthesized spectrogram using a cyclic generative adversarial network. This cyclic framework helps to yield a stable generative model. Finally, we feed the reconstructed signal into the speech-to-text model for transcription. The conducted experiments on targeted and non-targeted adversarial attacks developed for attacking DeepSpeech, Kaldi, and Lingvo models demonstrate the proposed defense's effectiveness in adverse scenarios.
