ADAGIO: Interactive Experimentation with Adversarial Attack and Defense for Audio
This provides a practical tool for researchers and practitioners to better understand and defend against adversarial attacks in audio, though it is incremental as it applies existing compression methods to this domain.
The paper tackles the problem of adversarial attacks on automatic speech recognition models by introducing ADAGIO, an interactive tool for experimenting with attacks and defenses, which reduces attack success rates from 92.5% to 0% using audio compression techniques.
Adversarial machine learning research has recently demonstrated the feasibility to confuse automatic speech recognition (ASR) models by introducing acoustically imperceptible perturbations to audio samples. To help researchers and practitioners gain better understanding of the impact of such attacks, and to provide them with tools to help them more easily evaluate and craft strong defenses for their models, we present ADAGIO, the first tool designed to allow interactive experimentation with adversarial attacks and defenses on an ASR model in real time, both visually and aurally. ADAGIO incorporates AMR and MP3 audio compression techniques as defenses, which users can interactively apply to attacked audio samples. We show that these techniques, which are based on psychoacoustic principles, effectively eliminate targeted attacks, reducing the attack success rate from 92.5% to 0%. We will demonstrate ADAGIO and invite the audience to try it on the Mozilla Common Voice dataset.