DistriBlock: Identifying adversarial audio samples by leveraging characteristics of the output distribution

arXiv:2305.17000v2 Announce Type: replace-cross
Abstract: Adversarial attacks can mislead automatic speech recognition (ASR) systems into predicting an arbitrary target text, thus posing a clear security threat. To prevent such attacks, we propose DistriBlock, an efficient detection strategy applicable to any ASR system that predicts a probability distribution over output tokens in each time step. We measure a set of characteristics of this distribution: the median, maximum, and minimum over the output probabilities, the entropy of the distribution, as well as …

adversarial adversarial attacks arxiv asr attacks audio automatic can clear cs.cr cs.lg cs.sd detection distribution eess.as recognition security security threat speech speech recognition strategy system systems target text threat