Study On GAN-based Speech Adversarial Example Generation And Defense Algorithm

In recent years,with the continuous improvement of computing power of computer hardware and the emergence of large-scale data sets,deep learning has greatly promoted the development of artificial intelligence.However,studies show that deep learning-based ai models have robustness problems and are susceptible to adversarial examples.At present,white box speech adversation example generation algorithm is divided into gradient-based algorithm and constraint-based algorithm.The advantage of gradient-based algorithm is that it can generate speech adversarial example quickly,but the disadvantage is that the generated speech adversarial example has poor attack force,large perturbation and poor auditory perception.The advantage of constraint-based algorithm is that it can ensure the quality of speech adversarial examples,but the disadvantage is that it needs to consume a lot of computing resources.Based on the advantages and disadvantages of the two algorithms mentioned above,this thesis proposes a white-box speech adversarial example generation algorithm which can quickly generate small speech adversarial perturbation,good auditory perception and strong attack power.This proposed speech adversarial example generation algorithm employs GAN to learn the distribution of speech adversarial perturbations,and generates speech adversarial examples by adding speech adversarial perturbations to benign speech examples,including untarget speech adversarial example generation algorithm and target speech adversarial example generation algorithm.The architecture consists of a generator,a discriminator,a pre-trained target speech model based on deep learning.The generator uses the convolutional and recurrent neural network based on Unet to make the speech adversarial perturbation more suitable for speech characteristics.The loss function includes: GAN training loss,speech adversarial perturbation minimization loss,psychoacoustic loss of speech adversarial examples,and reasoning loss of pre-trained target based on deep learning speech model.GAN training loss is used to ensure the stability of the training process.Speech adversarial perturbation minimization loss can reduce the size of speech adversarial perturbation.The psychoacoustic loss of speech adversarial examples can improve the auditory perception of the generated speech adversarial examples.The reasoning loss of the pre-trained target based on deep learning speech model can improve the attack power of the generated speech adversarial examples.Experimental results show that the proposed algorithm can generate white-box speech adversarial example with small speech adversarial perturbation,good auditory perception and strong attack power.At present,the advantage of preprocessing-based speech adversarial example defense algorithm is that it does not need to modify the model,but the disadvantage is that it cannot effectively restore the speech adversarial example to benign speech example.Aiming at the shortcomings of the existing preprocessing-based speech adversarial example defense algorithm,this thesis proposes a new,fast,preprocessing-based speech adversarial example defense algorithm,which can effectively restore the speech adversarial example to the benign speech example.The proposed speech adversarial example defense algorithm employs GAN to learn the mapping of speech adversarial examples to benign speech examples,and defend against speech adversarial examples by projecting the speech adversarial examples back to benign speech examples.The architecture is composed of a generator,a discriminator and a pre-trained target speech model based on deep learning.The generator uses a convolutional and recurrent neural network based on Unet to better learn the mapping of speech adversarial examples to benign speech examples.The loss function includes: GAN training loss,speech adversarial perturbation minimization loss,and reasoning loss of pre-trained target based on deep learning speech model.GAN training loss is used to ensure the stability of the training process.Speech adversarial perturbation minimization loss and reasoning loss of pre-trained target based on deep learning speech model can improve generator’s ability to project speech adversarial examples back to benign speech examples.The proposed algorithm and four other speech adversarial example defense algorithms are evaluated on three deep learning-based speech recognition models and one deep learning-based speech classification model respectively.Experimental results show that the algorithm has a good defense performance,but there is still room for improvement.