Class-conditional Defense GAN Against End-to-end Speech Attacks

Abstract

In this paper we propose a novel defense approach against end-to-end adversarial attacks developed to fool advanced speech-to-text systems such as DeepSpeech and Lingvo. Unlike conventional defense approaches, the proposed approach does not directly employ low-level transformations such as autoencoding a given input signal aiming at removing potential adversarial perturbation. Instead of that, we find an optimal input vector for a class conditional generative adversarial network through minimizing the relative chordal distance adjustment between a given test input and the generator network. Then, we reconstruct the 1D signal from the synthesized spectrogram and the original phase information derived from the given input signal. Hence, this reconstruction does not add any extra noise to the signal and according to our experimental results, our defense-GAN considerably outperforms conventional defense algorithms both in terms of word error rate and sentence level recognition accuracy.

Stats

• citations9
• S2 citations—
• github stars0
• HF likes0
• heat score7.50
• arxiv keyesmaeilpour2020class

Related papers

• Multi-discriminator Sobolev Defense-gan Against Adversarial Attacks For End-to-end Speech Systems (2021)8.82
• RSD-GAN: Regularized Sobolev Defense GAN Against Speech-to-text Adversarial Attacks (2022)4.52
• Towards Generalized Speech Enhancement With Generative Adversarial Networks (2019)10.35
• Channel-aware Domain-adaptive Generative Adversarial Network For Robust Speech Recognition (2024)4.52
• Robust Speech Recognition Using Generative Adversarial Networks (2017)11.29
• Analysis By Adversarial Synthesis -- A Novel Approach For Speech Vocoding (2019)3.58
• Fine-tuning Of Pre-trained End-to-end Speech Recognition With Generative Adversarial Networks (2021)5.84
• On Enhancing Speech Emotion Recognition Using Generative Adversarial Networks (2018)12.33