Imperceptible, Robust, and Targeted Adversarial Examples for Automatic Speech Recognition
This addresses security vulnerabilities in speech recognition systems, offering a practical method for generating stealthy and robust adversarial attacks, though it is incremental by building on existing adversarial example research.
The paper tackles the problem of creating adversarial examples for automatic speech recognition that are both imperceptible to humans and robust in real-world conditions, achieving 100% targeted success rate on full sentences while remaining effective under simulated environmental distortions.
Adversarial examples are inputs to machine learning models designed by an adversary to cause an incorrect output. So far, adversarial examples have been studied most extensively in the image domain. In this domain, adversarial examples can be constructed by imperceptibly modifying images to cause misclassification, and are practical in the physical world. In contrast, current targeted adversarial examples applied to speech recognition systems have neither of these properties: humans can easily identify the adversarial perturbations, and they are not effective when played over-the-air. This paper makes advances on both of these fronts. First, we develop effectively imperceptible audio adversarial examples (verified through a human study) by leveraging the psychoacoustic principle of auditory masking, while retaining 100% targeted success rate on arbitrary full-sentence targets. Next, we make progress towards physical-world over-the-air audio adversarial examples by constructing perturbations which remain effective even after applying realistic simulated environmental distortions.