SlothSpeech: Denial-of-service Attack Against Speech Recognition Models
This work addresses a security and efficiency robustness issue for real-time ASR systems, but it is incremental as it builds on known dynamic computation vulnerabilities.
The authors tackled the problem of dynamic computation in popular ASR models like Speech2Text and Whisper, which leads to efficiency vulnerabilities, by proposing SlothSpeech, a denial-of-service attack that generates audio perturbations to exploit this behavior, resulting in up to 40X increased latency.
Deep Learning (DL) models have been popular nowadays to execute different speech-related tasks, including automatic speech recognition (ASR). As ASR is being used in different real-time scenarios, it is important that the ASR model remains efficient against minor perturbations to the input. Hence, evaluating efficiency robustness of the ASR model is the need of the hour. We show that popular ASR models like Speech2Text model and Whisper model have dynamic computation based on different inputs, causing dynamic efficiency. In this work, we propose SlothSpeech, a denial-of-service attack against ASR models, which exploits the dynamic behaviour of the model. SlothSpeech uses the probability distribution of the output text tokens to generate perturbations to the audio such that efficiency of the ASR model is decreased. We find that SlothSpeech generated inputs can increase the latency up to 40X times the latency induced by benign input.