Representation Learning to Classify and Detect Adversarial Attacks against Speaker and Speech Recognition Systems

TL;DR

This paper explores using representation learning to classify and detect adversarial attacks in speech and speaker recognition systems, achieving high accuracy on known attacks and promising results on unknown attack detection.

Contribution

It introduces a method for classifying and detecting adversarial attacks in audio systems using representation learning, with insights into generalization and unknown attack detection.

Findings

Achieved up to 90% accuracy in classifying common attacks

Representations trained for speaker attack classification also work for verification tasks

Detected unknown attacks with about 19% equal error rate

Abstract

Adversarial attacks have become a major threat for machine learning applications. There is a growing interest in studying these attacks in the audio domain, e.g, speech and speaker recognition; and find defenses against them. In this work, we focus on using representation learning to classify/detect attacks w.r.t. the attack algorithm, threat model or signal-to-adversarial-noise ratio. We found that common attacks in the literature can be classified with accuracies as high as 90%. Also, representations trained to classify attacks against speaker identification can be used also to classify attacks against speaker verification and speech recognition. We also tested an attack verification task, where we need to decide whether two speech utterances contain the same attack. We observed that our models did not generalize well to attack algorithms not included in the attack representation model training. Motivated by this, we evaluated an unknown attack detection task. We were able to detect unknown attacks with equal error rates of about 19%, which is promising.