Robust Audio Adversarial Example for a Physical Attack
This addresses a security vulnerability in speech recognition systems, posing a potential real-world threat, though it builds incrementally on prior work by focusing on physical robustness.
The paper tackles the problem of generating audio adversarial examples that work in physical environments, achieving attacks on a state-of-the-art speech recognition model without human detection.
We propose a method to generate audio adversarial examples that can attack a state-of-the-art speech recognition model in the physical world. Previous work assumes that generated adversarial examples are directly fed to the recognition model, and is not able to perform such a physical attack because of reverberation and noise from playback environments. In contrast, our method obtains robust adversarial examples by simulating transformations caused by playback or recording in the physical world and incorporating the transformations into the generation process. Evaluation and a listening experiment demonstrated that our adversarial examples are able to attack without being noticed by humans. This result suggests that audio adversarial examples generated by the proposed method may become a real threat.