Towards Robust Speech-to-Text Adversarial Attack
This addresses the vulnerability of speech-to-text systems to adversarial attacks, which is a security concern for applications relying on voice recognition, though it is incremental as it builds on existing adversarial optimization methods.
The paper tackles the problem of creating robust adversarial attacks on speech-to-text systems by introducing a novel algorithm that uses the Cramèr integral probability metric to craft signals close to legitimate speech, resulting in higher resilience against over-the-air playback and outperforming other attacks in word error rate and sentence-level accuracy.
This paper introduces a novel adversarial algorithm for attacking the state-of-the-art speech-to-text systems, namely DeepSpeech, Kaldi, and Lingvo. Our approach is based on developing an extension for the conventional distortion condition of the adversarial optimization formulation using the Cramèr integral probability metric. Minimizing over this metric, which measures the discrepancies between original and adversarial samples' distributions, contributes to crafting signals very close to the subspace of legitimate speech recordings. This helps to yield more robust adversarial signals against playback over-the-air without employing neither costly expectation over transformation operations nor static room impulse response simulations. Our approach outperforms other targeted and non-targeted algorithms in terms of word error rate and sentence-level-accuracy with competitive performance on the crafted adversarial signals' quality. Compared to seven other strong white and black-box adversarial attacks, our proposed approach is considerably more resilient against multiple consecutive playbacks over-the-air, corroborating its higher robustness in noisy environments.