Anomaly Detection of Test-Time Evasion Attacks in the Audio Domain
Open Access
Author:
Geer, Connor
Graduate Program:
Computer Science and Engineering
Degree:
Master of Science
Document Type:
Master Thesis
Date of Defense:
March 16, 2022
Committee Members:
Chitaranjan Das, Program Head/Chair
George Kesidis, Thesis Advisor/Co-Advisor
David Jonathan Miller, Committee Member
Syed Rafiul Hussain, Committee Member
Deep Neural Network (DNN) models have been used to achieve state-of-the-art performance in speech recognition and Music Information Retrieval (MIR) tasks. However, DNNs performing these tasks have also been shown to be vulnerable to adversarial attacks that lead to high-confidence but incorrect outputs from DNN models. These adversarial effects occur with only very small perturbations to the input. This work applies to the audio domain anomaly detection techniques that have been shown to be effective at detecting attacks in the image domain. These techniques generate detection statistics, which are used to detect attacks in speech recognition and MIR tasks. We find that in these tasks the defenses detect attacks at a high rate of effectiveness, even in scenarios where the attacks are sufficiently subtle to leave little to no indication to a human listener that an attack is taking place.