This paper proposes a new defense approach for counteracting state-of-the-art white-box and black-box adversarial attack algorithms. Our approach fits in the category of implicit reactive defense algorithms, since it does not directly manipulate the potentially malicious input signals. Instead, it reconstructs a similar signal with a synthesized spectrogram using a cyclic generative adversarial network. This cyclic framework helps to yield a stable generative model. Finally, we feed the reconstructed signal into the speech-to-text model for transcription. Experiments on targeted and non-targeted adversarial attacks developed for attacking the DeepSpeech, Kaldi, and Lingvo models demonstrate the proposed defense's effectiveness in adverse scenarios.