Exploring Targeted Universal Adversarial Perturbations To End-to-end ASR Models
2021 Β· Zhiyun Lu, Wei Han, Yu Zhang, et al.
Abstract
Although end-to-end automatic speech recognition (e2e ASR) models are widely deployed in many applications, there have been very few studies to understand models' robustness against adversarial perturbations. In this paper, we explore whether a targeted universal perturbation vector exists for e2e ASR models. Our goal is to find perturbations that can mislead the models to predict the given targeted transcript such as "thank you" or empty string on any input utterance. We study two different attacks, namely additive and prepending perturbations, and their performances on the state-of-the-art LAS, CTC and RNN-T models. We find that LAS is the most vulnerable to perturbations among the three models. RNN-T is more robust against additive perturbations, especially on long utterances. And CTC is robust against both additive and prepending perturbations. To attack RNN-T, we find prepending perturbation is more effective than the additive perturbation, and can mislead the models to predict th
Authors
(none)
Tags
Stats
Related papers
- Universal Adversarial Perturbations For Speech Recognition Systems (2019)14.11
- Universal Adversarial Examples In Speech Command Classification (2019)0.00
- Audio Adversarial Examples For Robust Hybrid Ctc/attention Speech Recognition (2020)3.58
- Inaudible Adversarial Perturbations For Targeted Attack In Speaker Recognition (2020)12.33
- Universal Adversarial Perturbations Generative Network For Speaker Recognition (2020)12.33
- Intapt: Information-theoretic Adversarial Prompt Tuning For Enhanced Non-native Speech Recognition (2023)3.58
- Impact Of Phonetics On Speaker Identity In Adversarial Voice Attack (2025)0.00
- Robust Automatic Speech Recognition Via Wavaugment Guided Phoneme Adversarial Training (2023)0.00