Authors:
Du Xia, Zhang Qi, Zhu Jiajie, Liu Xiaoyuan
Abstract
Adversarial attacks designed to subvert recognition systems have exposed significant security vulnerabilities in deep neural networks. In the automatic speech recognition (ASR) domain, prevailing defense mechanisms have centered on pre-processing procedures that mitigate the adversarial perturbation before transcription. Despite their initial success, these methods have proved surprisingly vulnerable when confronted with robust and adaptive adversarial attacks. This paper proposes an adaptive unified defense framework tailored to the challenges posed by robust audio adversarial examples. The framework comprises two components: (1) a unified pre-processing mechanism designed to disrupt the continuity and transferability of adversarial attacks, so that an adversarial example no longer operates consistently across different systems or conditions, thereby strengthening the robustness of the defense; and (2) an adaptive ASR transcription method that further bolsters the defense strategy. Empirical experiments conducted on two benchmark audio datasets within a state-of-the-art ASR system confirm the effectiveness of the adaptive defense framework: it achieves a 100% accuracy rate against representative audio attacks and consistently outperforms other state-of-the-art defense techniques, maintaining an accuracy rate of 98.5% even when faced with various challenging adaptive adversarial attacks.
Funder
Xiamen Research Project for the Returned Overseas Chinese Scholars
Xiamen University of Technology Science and Technology Research Project
Publisher
Springer Science and Business Media LLC