Detecting audio attacks on ASR systems with dropout uncertainty

Tejas Jayashankar; Jonathan Le Roux; Pierre Moulin

doi:10.21437/Interspeech.2020-1846

Detecting audio attacks on ASR systems with dropout uncertainty

Tejas Jayashankar, Jonathan Le Roux, Pierre Moulin

Research output: Contribution to journal › Conference article › peer-review

Abstract

Various adversarial audio attacks have recently been developed to fool automatic speech recognition (ASR) systems. We here propose a defense against such attacks based on the uncertainty introduced by dropout in neural networks. We show that our defense is able to detect attacks created through optimized perturbations and frequency masking on a state-of-the-art end-to-end ASR system. Furthermore, the defense can be made robust against attacks that are immune to noise reduction. We test our defense on Mozilla's CommonVoice dataset, the UrbanSound dataset, and an excerpt of the LibriSpeech dataset, showing that it achieves high detection accuracy in a wide range of scenarios.

Original language	English (US)
Pages (from-to)	4671-4675
Number of pages	5
Journal	Proceedings of the Annual Conference of the International Speech Communication Association, INTERSPEECH
Volume	2020-October
DOIs	https://doi.org/10.21437/Interspeech.2020-1846
State	Published - 2020
Event	21st Annual Conference of the International Speech Communication Association, INTERSPEECH 2020 - Shanghai, China Duration: Oct 25 2020 → Oct 29 2020

Keywords

Adversarial machine learning
Audio attack
Automatic speech recognition
Dropout
Noise reduction
Uncertainty distribution

ASJC Scopus subject areas

Language and Linguistics
Human-Computer Interaction
Signal Processing
Software
Modeling and Simulation

Access to Document

10.21437/Interspeech.2020-1846

Fingerprint Dive into the research topics of 'Detecting audio attacks on ASR systems with dropout uncertainty'. Together they form a unique fingerprint.

Cite this

@article{b5dce04f5111439e882b01c312200cf3,

title = "Detecting audio attacks on ASR systems with dropout uncertainty",

abstract = "Various adversarial audio attacks have recently been developed to fool automatic speech recognition (ASR) systems. We here propose a defense against such attacks based on the uncertainty introduced by dropout in neural networks. We show that our defense is able to detect attacks created through optimized perturbations and frequency masking on a state-of-the-art end-to-end ASR system. Furthermore, the defense can be made robust against attacks that are immune to noise reduction. We test our defense on Mozilla's CommonVoice dataset, the UrbanSound dataset, and an excerpt of the LibriSpeech dataset, showing that it achieves high detection accuracy in a wide range of scenarios.",

keywords = "Adversarial machine learning, Audio attack, Automatic speech recognition, Dropout, Noise reduction, Uncertainty distribution",

author = "Tejas Jayashankar and {Le Roux}, Jonathan and Pierre Moulin",

note = "Publisher Copyright: Copyright {\textcopyright} 2020 ISCA Copyright: Copyright 2020 Elsevier B.V., All rights reserved.; 21st Annual Conference of the International Speech Communication Association, INTERSPEECH 2020 ; Conference date: 25-10-2020 Through 29-10-2020",

year = "2020",

doi = "10.21437/Interspeech.2020-1846",

language = "English (US)",

volume = "2020-October",

pages = "4671--4675",

journal = "Proceedings of the Annual Conference of the International Speech Communication Association, INTERSPEECH",

issn = "2308-457X",

}

TY - JOUR

T1 - Detecting audio attacks on ASR systems with dropout uncertainty

AU - Jayashankar, Tejas

AU - Le Roux, Jonathan

AU - Moulin, Pierre

PY - 2020

Y1 - 2020

N2 - Various adversarial audio attacks have recently been developed to fool automatic speech recognition (ASR) systems. We here propose a defense against such attacks based on the uncertainty introduced by dropout in neural networks. We show that our defense is able to detect attacks created through optimized perturbations and frequency masking on a state-of-the-art end-to-end ASR system. Furthermore, the defense can be made robust against attacks that are immune to noise reduction. We test our defense on Mozilla's CommonVoice dataset, the UrbanSound dataset, and an excerpt of the LibriSpeech dataset, showing that it achieves high detection accuracy in a wide range of scenarios.

AB - Various adversarial audio attacks have recently been developed to fool automatic speech recognition (ASR) systems. We here propose a defense against such attacks based on the uncertainty introduced by dropout in neural networks. We show that our defense is able to detect attacks created through optimized perturbations and frequency masking on a state-of-the-art end-to-end ASR system. Furthermore, the defense can be made robust against attacks that are immune to noise reduction. We test our defense on Mozilla's CommonVoice dataset, the UrbanSound dataset, and an excerpt of the LibriSpeech dataset, showing that it achieves high detection accuracy in a wide range of scenarios.

KW - Adversarial machine learning

KW - Audio attack

KW - Automatic speech recognition

KW - Dropout

KW - Noise reduction

KW - Uncertainty distribution

UR - http://www.scopus.com/inward/record.url?scp=85098110844&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85098110844&partnerID=8YFLogxK

U2 - 10.21437/Interspeech.2020-1846

DO - 10.21437/Interspeech.2020-1846

M3 - Conference article

AN - SCOPUS:85098110844

VL - 2020-October

SP - 4671

EP - 4675

JO - Proceedings of the Annual Conference of the International Speech Communication Association, INTERSPEECH

JF - Proceedings of the Annual Conference of the International Speech Communication Association, INTERSPEECH

SN - 2308-457X

T2 - 21st Annual Conference of the International Speech Communication Association, INTERSPEECH 2020

Y2 - 25 October 2020 through 29 October 2020

ER -

Detecting audio attacks on ASR systems with dropout uncertainty

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Cite this