Precision-Varying Prediction (PVP): Robustifying ASR systems against adversarial attacks

TL;DR

This paper introduces Precision-Varying Prediction (PVP), a method that enhances ASR robustness against adversarial attacks by randomizing model precision during inference and detecting attacks through output comparison.

Contribution

The paper proposes a novel approach that improves ASR robustness by varying precision during inference and uses output comparison for attack detection.

Findings

Significant increase in robustness against adversarial attacks.

Effective detection of adversarial examples using Gaussian classifier.

Applicable to various ASR models and attack types.

Abstract

With the increasing deployment of automated and agentic systems, ensuring the adversarial robustness of automatic speech recognition (ASR) models has become critical. We observe that changing the precision of an ASR model during inference reduces the likelihood of adversarial attacks succeeding. We take advantage of this fact to make the models more robust by simple random sampling of the precision during prediction. Moreover, the insight can be turned into an adversarial example detection strategy by comparing outputs resulting from different precisions and leveraging a simple Gaussian classifier. An experimental analysis demonstrates a significant increase in robustness and competitive detection performance for various ASR models and attack types.