Research On Adversarial Sample Defense Technology Of Speech Recognition

At present,the applications based on the Internet of Things(IoT)are in a period of rapid growth,with the characteristics of diversification,scale and industrialization.Among many IoT related technologies,speech recognition is the key technology of communication between human and machine equipment.By using adversarial sample attack,the hackers only should add some noise which is hard to be detected by the persons in the speech sample,and the recognition model will recognize the speech as random code or empty speech.However,there are few research results on the defense methods against adversarial sample attack in speech recognition,in which adding adversarial samples in the training process or adding subnetwork before the recognition model can effectively defend against sample attack,but the existing speech recognition model needs to be retrained,and it is difficult to apply.Therefore,this paper studies the adversarial sample attack in speech recognition based on the speech enhancement algorithms.The major research results and the innovations of this paper are shown as follows:(1)An adversarial sample filter which can effectively filter the adversarial noise is proposed.This paper uses two kinds of speech adversarial sample attacks i.e.C&W Attack and Genetic Algorithm Attack to generate the adversarial sample datasets that are used in the experiments.The speech recognition models of Baidu and Google are used for the recognition.The commonly used evaluation parameters of speech recognition are used to test and compare the performance of the selected 8 speech enhancement algorithms against adversarial sample attacks.We choose two kinds of enhancement algorithms which have the best performance on the speech adversarial sample filtering to propose an adversarial sample filter.(2)We propose a defense method against speech adversarial attacks based on speech enhancement algorithms.The proposed method combines two kinds of enhancement algorithms which have the best performance on the speech adversarial sample filtering.This filter which is considered as the recognition preprocessing process before the speech recognition models can reduce the recognition error rate of the speech recognition model when attacked,that is,this filter can improve the robustness of the speech recognition model against the sample attack.Experimental results show that the proposed method is effective and achieves good defense effect.