Research On Adversarial Example Attack Technology Of Speech Recognition

With the continuous development and improvement of computer hardware and related mathematical theory,neural network has made new development.The application based on neural network has been applied in many scenarios and occupies an important position in automatic processing.However,researchers have recently discovered that neural networks are vulnerable to attacks from adversarial examples.Adversarial example is to cross the decision boundary of neural network without being detected by the defense by adding small perturbation to the original sample,and finally lead to the decision error of neural network with high confidence.Moreover,the adversarial examples with specially designed can make the neural network judge the sample as the result specified by the attacker.The reason for the generation of adversarial examples is that all neural networks have problems,so it seriously threatens the security of current applications based on neural networks.For example,in the field of computer vision,adversarial examples can attack tasks such as automatic driving,face recognition and target detection.Up to now,the study of adversarial examples has achieved a relatively perfect research system in the field of image.In the field of natural language processing,the research on adversarial examples is weak,especially in the field of speech.Therefore,it is beneficial to guarantee the security of neural network-based speech processing system by studying the adversarial examples in the speech domain.Up to now,the research on adversarial examples in the field of speech is mainly based on two scenarios: white box attack and black box attack.In the white box scenario,because the relevant information of the model can be obtained,the optimization attack algorithm based on the objective function is the main method.Optimization-based methods seek corresponding adversarial examples by iteratively optimizing the constructed objective function.Although optimization-based methods have a high success rate,they consume a large amount of time to generate a adversarial example and cannot meet the needs of real-time adversarial attacks.In the black box scenario,older evolution-based methods such as genetic algorithm and simulated annealing algorithm are used to search for adversarial examples due to the failure to obtain relevant information of the model.But evolution-based black box attack methods require more time and computing power.In addition,due to the limitation of the scene,the attacker can only rely on the site to process the original sample and cannot construct the corresponding adversarial example of the unknown sample in advance.In view of the above problems,this paper has carried out in-depth research and discussion,and the main research content is divided into the following two parts:(1)In order to solve the problem that the original samples cannot be quickly generated based on the optimization method in the white box scenario,a more efficient FAGAN speech adversarial attack algorithm is designed in this paper.FAGAN generation algorithm is based on generation model.By combining the ability of sample distribution fitting with generation model and the characteristics of neural network rapidly generating data after training,FAGAN generation algorithm can improve the attack efficiency by 200 times compared with the current mainstream speech adversarial attack algorithm based on optimization.In addition,because the generation model can match the distribution of the perturbation,FAGAN can generate a more subtle speech adversarial example.(2)In view of the problem that the attacker can only rely on the site to deal with the original samples and cannot construct the corresponding adversarial examples of unknown samples in advance.Combined with universal adversarial example method in the field of study,this paper first puts forward the AUGAN audio universal adversarial attack algorithm based on generating model,AUGAN can generate universal adversarial examples for the speech recognition model,explores the generation model in general against the validity of the sample,and compared with the method based on optimization,it improves the attack performance of generating adversarial examples.