Adversarial Example Devastation and Detection on Speech Recognition System by Adding Random Noise

TL;DR

This paper presents a method to devastate and detect adversarial examples in speech recognition systems by adding random noise, significantly improving detection rates and reducing adversarial perturbations.

Contribution

It introduces a novel input transformation technique using random noise to both devastate and detect adversarial examples in advanced speech recognition systems.

Findings

Adversarial example similarity to original speech reaches 99.68% after noise addition.

Adversarial example similarity drops to zero, indicating effective devastation.

Detection rate of adversarial examples reaches 94%.

Abstract

An automatic speech recognition (ASR) system based on a deep neural network is vulnerable to attack by an adversarial example, especially if the command-dependent ASR fails. A defense method against adversarial examples is proposed to improve the robustness and security of the ASR system. We propose an algorithm of devastation and detection on adversarial examples that can attack current advanced ASR systems. We choose an advanced text- and command-dependent ASR system as our target, generating adversarial examples by an optimization-based attack on text-dependent ASR and the GA-based algorithm on command-dependent ASR. The method is based on input transformation of adversarial examples. Different random intensities and kinds of noise are added to adversarial examples to devastate the perturbation previously added to normal examples. Experimental results show that the method performs well. For the devastation of examples, the original speech similarity after adding noise can reach 99.68%, the similarity of adversarial examples can reach zero, and the detection rate of adversarial examples can reach 94%.