SD · CR · AS · Mar 26, 2021

Cyclic Defense GAN Against Speech Adversarial Attacks

arXiv:2103.14717v2 · 8 citations
AI Analysis

This paper addresses security vulnerabilities in speech recognition systems, but it is incremental, as it builds on existing GAN-based defense methods.

The paper tackles the problem of defending speech-to-text models against adversarial attacks by proposing a cyclic generative adversarial network that reconstructs input signals. Its experiments on targeted and non-targeted attacks against models such as DeepSpeech, Kaldi, and Lingvo show the defense to be effective.

This paper proposes a new defense approach for counteracting state-of-the-art white and black-box adversarial attack algorithms. Our approach fits into the implicit reactive defense algorithm category since it does not directly manipulate the potentially malicious input signals. Instead, it reconstructs a similar signal with a synthesized spectrogram using a cyclic generative adversarial network. This cyclic framework helps to yield a stable generative model. Finally, we feed the reconstructed signal into the speech-to-text model for transcription. The conducted experiments on targeted and non-targeted adversarial attacks developed for attacking DeepSpeech, Kaldi, and Lingvo models demonstrate the proposed defense's effectiveness in adverse scenarios.
