Projekter pr. år
Abstract
Automatic speech recognition (ASR) systems are known to be vulnerable to adversarial attacks.
This paper addresses detection and defence against targeted white-box attacks on speech signals for ASR systems.
While existing work has utilised diffusion models (DMs) to purify adversarial examples, achieving state-of-the-art results in keyword spotting tasks, their effectiveness for more complex tasks such as sentence-level ASR remains unexplored. Additionally, the impact of the number of forward diffusion steps on performance is not well understood.
In this paper, we systematically investigate the use of DMs for defending against adversarial attacks on sentences and examine the effect of varying forward diffusion steps.
Through comprehensive experiments on the Mozilla Common Voice dataset, we demonstrate that two forward diffusion steps can completely defend against adversarial attacks on sentences.
Moreover, we introduce a novel, training-free approach for detecting adversarial attacks by leveraging a pre-trained DM. Our experimental results show that this method can detect adversarial attacks with high accuracy.
This paper addresses detection and defence against targeted white-box attacks on speech signals for ASR systems.
While existing work has utilised diffusion models (DMs) to purify adversarial examples, achieving state-of-the-art results in keyword spotting tasks, their effectiveness for more complex tasks such as sentence-level ASR remains unexplored. Additionally, the impact of the number of forward diffusion steps on performance is not well understood.
In this paper, we systematically investigate the use of DMs for defending against adversarial attacks on sentences and examine the effect of varying forward diffusion steps.
Through comprehensive experiments on the Mozilla Common Voice dataset, we demonstrate that two forward diffusion steps can completely defend against adversarial attacks on sentences.
Moreover, we introduce a novel, training-free approach for detecting adversarial attacks by leveraging a pre-trained DM. Our experimental results show that this method can detect adversarial attacks with high accuracy.
| Originalsprog | Engelsk |
|---|---|
| Titel | 2025 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) |
| Antal sider | 5 |
| Publikationsdato | 2025 |
| Sider | 1-5 |
| Status | Udgivet - 2025 |
| Begivenhed | 50th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2025 - Hyderabad, Indien Varighed: 6 apr. 2025 → 11 apr. 2025 |
Konference
| Konference | 50th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2025 |
|---|---|
| Land/Område | Indien |
| By | Hyderabad |
| Periode | 06/04/2025 → 11/04/2025 |
Fingeraftryk
Dyk ned i forskningsemnerne om 'Detecting and Defending Against Adversarial Attacks on Automatic Speech Recognition via Diffusion Models'. Sammen danner de et unikt fingeraftryk.Projekter
- 1 Igangværende
-
CASPR: Centre for Acoustic Signal Processing Research
Østergaard, J. (PI (principal investigator)), Tan, Z.-H. (PI (principal investigator)) & Jensen, J. (PI (principal investigator))
01/11/2016 → …
Projekter: Projekt › Forskning