
Audio Adversarial Examples: Detection

Supervisor(s): Karla Markert, Ching-Yu Kao
Status: finished
Topic: Others
Author: Mykhailo Kulakov
Submission: 2021-03-31
Type of Thesis: Guided Research
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

The reliability and interpretability of Automatic Speech Recognition (ASR) systems have become an active research area since voice assistants (e.g., Siri, Cortana) entered widespread use. As with computer vision models, ASR models have been shown to be vulnerable to adversarial examples. Adversarial audio examples are audio signals with intentionally added perturbations, imperceptible to the human ear, that aim to fool the speech-to-text model. In computer vision, one possible way to detect adversarial examples is to exploit attribution methods, which visualise the regions of the input image that most strongly influenced the model's classification. It has been demonstrated that gradient-based attribution methods (e.g., ε-LRP) can be successfully applied to detect adversarial audio examples. The recently proposed Shapley Additive Explanations (SHAP) attribution method unifies the major attribution methods, rests on solid mathematical foundations, and produces results that are more consistent with human intuition.

In this guided research, we therefore adapted the SHAP method to visualise audio samples. Moreover, we proposed a novel approach that uses Shapley values to distinguish between benign and adversarial audio samples with an accuracy of up to 90%.
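To illustrate the general idea (not the thesis implementation), the sketch below shows how Shapley-value attributions could feed a simple benign-vs-adversarial detector, assuming a differentiable PyTorch audio model and the `shap` package; `model`, `background`, `benign`, and `adversarial` are hypothetical placeholders.

    # A rough sketch, assuming a differentiable PyTorch audio classifier
    # `model`, a background batch `background`, and tensors `benign` /
    # `adversarial` of audio inputs. Not the thesis code.
    import numpy as np
    import shap
    import torch
    from sklearn.linear_model import LogisticRegression

    explainer = shap.GradientExplainer(model, background)

    def shap_features(batch: torch.Tensor) -> np.ndarray:
        """Summarise per-sample Shapley attributions with simple statistics."""
        sv = explainer.shap_values(batch)
        if isinstance(sv, list):   # multi-output models return one array per output
            sv = sv[0]
        sv = np.abs(sv).reshape(len(batch), -1)
        return np.stack([sv.mean(1), sv.max(1), sv.std(1)], axis=1)

    # Label benign samples 0 and adversarial samples 1, then fit a
    # lightweight classifier on the attribution statistics.
    X = np.vstack([shap_features(benign), shap_features(adversarial)])
    y = np.array([0] * len(benign) + [1] * len(adversarial))
    detector = LogisticRegression().fit(X, y)

The intuition is that adversarial perturbations tend to shift how attribution mass is distributed over the input, so summary statistics of the Shapley values can separate the two classes.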