Key Idea
DistriBlock is a novel detection strategy that identifies adversarial audio samples in ASR systems by analyzing characteristics of the output distribution.
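A minimal sketch of this kind of detector, added here as an illustration and not taken from the DistriBlock authors' code: it reduces the per-time-step token distributions of an utterance to a few statistics and flags utterances whose statistics leave the range seen on benign audio. The choice of statistics (entropy, top probability, KL divergence between consecutive steps), the z-score rule, the threshold values and the sample distributions are all assumptions of this example.

```python
import math
from statistics import mean, median, pstdev

def entropy(p):
    """Shannon entropy (nats) of one time step's token distribution."""
    return -sum(x * math.log(x) for x in p if x > 0)

def kl(p, q, eps=1e-12):
    """KL(p || q) between the distributions of two consecutive time steps."""
    return sum(x * math.log((x + eps) / (y + eps)) for x, y in zip(p, q) if x > 0)

def characteristics(dists):
    """Collapse an utterance's per-step distributions into a few statistics."""
    ent = [entropy(p) for p in dists]
    top = [max(p) for p in dists]
    div = [kl(p, q) for p, q in zip(dists, dists[1:])] or [0.0]
    return {"entropy_mean": mean(ent), "entropy_max": max(ent),
            "top_prob_median": median(top), "kl_mean": mean(div)}

def fit_baseline(benign_utterances):
    """Per-statistic mean and standard deviation over known-benign audio."""
    feats = [characteristics(u) for u in benign_utterances]
    return {k: (mean([f[k] for f in feats]), pstdev([f[k] for f in feats]))
            for k in feats[0]}

def deviations(dists, baseline, min_std=1e-3):
    """z-score of each statistic against the benign baseline."""
    feats = characteristics(dists)
    return {k: (feats[k] - mu) / max(sd, min_std)
            for k, (mu, sd) in baseline.items()}

def is_suspicious(dists, baseline, z_max=4.0):
    """Flag the utterance if any statistic leaves the benign range."""
    return any(abs(z) > z_max for z in deviations(dists, baseline).values())

def peaked(top, n_tokens=4):
    """Constructed sample: one dominant token, the rest uniform."""
    return [top] + [(1 - top) / (n_tokens - 1)] * (n_tokens - 1)

# Constructed data, not measurements from any ASR system.
BENIGN = [[peaked(t) for t in tops] for tops in
          [(0.97, 0.95, 0.96, 0.94), (0.96, 0.93, 0.97, 0.95), (0.95, 0.96, 0.94, 0.97)]]
SHIFTED = [peaked(t) for t in (0.55, 0.40, 0.70, 0.45)]

if __name__ == "__main__":
    base = fit_baseline(BENIGN)
    print(is_suspicious(SHIFTED, base), deviations(SHIFTED, base))
```

In practice the baseline would be fitted on the deployed model's own outputs for clean and noisy benign audio, and the threshold chosen from the false-positive rate that is acceptable on that data.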
Statistics
"Through extensive analysis across different state-of-the-art ASR systems and language data sets, we demonstrate the supreme performance of this approach, with a mean area under the receiver operating characteristic for distinguishing target adversarial examples against clean and noisy data of 99% and 97%, respectively."
"The noise instances were randomly sampled from the Freesound section of the MUSAN corpus, which includes room impulse responses, as well as 929 background noise recordings."
"The models are shortly referred to as wav2vec, LSTM, and Trf, respectively in our tables."
Quotes
"Adversarial attacks can mislead automatic speech recognition (ASR) systems into predicting an arbitrary target text, thus posing a clear security threat."
"To prevent such attacks, we propose DistriBlock, an efficient detection strategy applicable to any ASR system that predicts a probability distribution over output tokens in each time step."