Detecting Audio Attacks on ASR Systems with Dropout Uncertainty
This addresses security vulnerabilities in ASR systems for applications like voice assistants, but it is incremental as it builds on existing dropout-based uncertainty methods.
The paper tackles the problem of defending against adversarial audio attacks on automatic speech recognition (ASR) systems by using dropout uncertainty in neural networks, achieving high detection accuracy across multiple datasets.
Various adversarial audio attacks have recently been developed to fool automatic speech recognition (ASR) systems. We here propose a defense against such attacks based on the uncertainty introduced by dropout in neural networks. We show that our defense is able to detect attacks created through optimized perturbations and frequency masking on a state-of-the-art end-to-end ASR system. Furthermore, the defense can be made robust against attacks that are immune to noise reduction. We test our defense on Mozilla's CommonVoice dataset, the UrbanSound dataset, and an excerpt of the LibriSpeech dataset, showing that it achieves high detection accuracy in a wide range of scenarios.