Adversarial Black-Box Attacks on Automatic Speech Recognition Systems Using Multi-Objective Evolutionary Optimization
Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review
Fooling deep neural networks with adversarial input have exposed a significant vulnerability in the current state-of-the-art systems in multiple domains. Both black-box and white-box approaches have been used to either replicate the model itself or to craft examples which cause the model to fail. In this work, we propose a framework which uses multi-objective evolutionary optimization to perform both targeted and un-targeted black-box attacks on Automatic Speech Recognition (ASR) systems. We apply this framework on two ASR systems: Deepspeech and Kaldi-ASR, which increases the Word Error Rates (WER) of these systems by upto 980%, indicating the potency of our approach. During both un-targeted and targeted attacks, the adversarial samples maintain a high acoustic similarity of 0.98 and 0.97 with the original audio.
Original language | English |
---|---|
Title of host publication | Proc. Interspeech 2019 |
Publisher | International Speech Communication Association (ISCA) |
Publication date | 15 Sep 2019 |
Pages | 3208-3212 |
DOIs | |
Publication status | Published - 15 Sep 2019 |
Event | Interspeech 2019 - 20th Annual Conference of the International Speech Communication Association - Graz, Austria Duration: 15 Sep 2019 → 19 Sep 2019 |
Conference
Conference | Interspeech 2019 - 20th Annual Conference of the International Speech Communication Association |
---|---|
Land | Austria |
By | Graz |
Periode | 15/09/2019 → 19/09/2019 |
ID: 239857996