Towards the universal defense for query-based audio adversarial attacks on speech recognition system

Authors: Feng Guo, Zheng Sun, Yuxuan Chen, Lei Ju

Affiliations: School of Cyber Science and Technology, Shandong University, Qingdao, China; Quancheng Laboratory, QCL, Jinan, China

Publication: Cybersecurity (网络空间安全科学与技术, English-language journal)

Year, volume, issue: 2024, Vol. 7, No. 1

Pages: 53-70

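Subject classification: 0710 [Science - Biology]; 0839 [Engineering - Cyberspace Security]; 08 [Engineering]; 0812 [Engineering - Computer Science and Technology (degrees may be conferred in Engineering or Science)]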

Funding: supported in part by NSFC No. 62202275, Shandong-SF No. ZR2022QF012 projects

Topics: Adversarial attacks; Defense; Memory mechanism; Query-based

Abstract: Recently, studies show that deep learning-based automatic speech recognition (ASR) systems are vulnerable to adversarial examples (AEs), which add a small amount of noise to the original audio *** AE attacks pose new challenges to deep learning security and have raised significant concerns about deploying ASR systems and *** existing defense methods are either limited in application or only defend on results, but not on *** this work, we propose a novel method to infer the adversary intent and discover audio adversarial examples based on the AEs generation *** insight of this method is based on the observation: many existing audio AE attacks utilize query-based methods, which means the adversary must send continuous and similar queries to target ASR models during the audio AE generation *** by this observation, we propose a memory mechanism by adopting audio fingerprint technology to analyze the similarity of the current query with a certain length of memory ***, we can identify when a sequence of queries appears to be suspectable to generate audio *** extensive evaluation on four state-of-the-art audio AE attacks, we demonstrate that on average our defense identifies the adversary's intent with over 90%*** careful regard for robustness evaluations, we also analyze our proposed defense and its strength to withstand two adaptive ***, our scheme is available out-of-the-box and directly compatible with any ensemble of ASR defense models to uncover audio AE attacks effectively without model retraining.
