Are Deep Speech Denoising Models Robust to Adversarial Noise?
This reveals a vulnerability in high-stakes speech applications, highlighting a need for countermeasures, but it is incremental as it builds on existing adversarial attack research.
The paper demonstrates that four recent deep noise suppression models can be made to output unintelligible gibberish by adding imperceptible adversarial noise, with results showing the plausibility of targeted and over-the-air attacks, though attacks are strongest in white-box settings and vary by model.
Deep noise suppression (DNS) models enjoy widespread use throughout a variety of high-stakes speech applications. However, in this paper, we show that four recent DNS models can each be reduced to outputting unintelligible gibberish through the addition of imperceptible adversarial noise. Furthermore, our results show the near-term plausibility of targeted attacks, which could induce models to output arbitrary utterances, and over-the-air attacks. While the success of these attacks varies by model and setting, and attacks appear to be strongest when model-specific (i.e., white-box and non-transferable), our results highlight a pressing need for practical countermeasures in DNS systems.