Distriblock: Identifying Adversarial Audio Samples By Leveraging Characteristics Of The Output Distribution

Abstract

Adversarial attacks can mislead automatic speech recognition (ASR) systems into predicting an arbitrary target text, thus posing a clear security threat. To prevent such attacks, we propose DistriBlock, an efficient detection strategy applicable to any ASR system that predicts a probability distribution over output tokens in each time step. We measure a set of characteristics of this distribution: the median, maximum, and minimum over the output probabilities, the entropy of the distribution, as well as the Kullback-Leibler and the Jensen-Shannon divergence with respect to the distributions of the subsequent time step. Then, by leveraging the characteristics observed for both benign and adversarial data, we apply binary classifiers, including simple threshold-based classification, ensembles of such classifiers, and neural networks. Through extensive analysis across different state-of-the-art ASR systems and language data sets, we demonstrate the supreme performance of this approach, wi

Stats

• citations0
• S2 citations—
• github stars0
• HF likes0
• heat score0.00
• arxiv keypizarro2023distriblock

Related papers

• ALIF: Low-cost Adversarial Audio Attacks On Black-box Speech Platforms Using Linguistic Features (2024)7.16
• Targeted Adversarial Examples For Black Box Audio Systems (2018)15.75
• Adversarial Sample Detection For Speaker Verification By Neural Vocoders (2021)0.00
• Multi-discriminator Sobolev Defense-gan Against Adversarial Attacks For End-to-end Speech Systems (2021)8.82
• Adversarial Attack And Defense Strategies For Deep Speaker Recognition Systems (2020)13.39
• Detecting And Defending Against Adversarial Attacks On Automatic Speech Recognition Via Diffusion Models (2024)2.26
• SA: Sliding Attack For Synthetic Speech Detection With Resistance To Clipping And Self-splicing (2022)0.00
• Inaudible Adversarial Perturbations For Targeted Attack In Speaker Recognition (2020)12.33