DualPure: An Efficient Adversarial Purification Method for Speech Command Recognition

Hao Tan; Xiaochen Liu; Huan Zhang; Junjian Zhang; Yaguan Qian; Zhaoquan Gu

doi:10.21437/Interspeech.2024-855

DualPure: An Efficient Adversarial Purification Method for Speech Command Recognition

Hao Tan
, Xiaochen Liu
, Huan Zhang
, Junjian Zhang
, Yaguan Qian
, Zhaoquan Gu^*

^*Corresponding author for this work

Harbin Institute of Technology Shenzhen
Peng Cheng Laboratory
Guangzhou University
Zhejiang University of Science and Technology

Research output: Contribution to journal › Conference article › peer-review

3 Scopus citations

Abstract

Adversarial examples pose a security threat to Autopilot's speech command recognition module, which attracted widespread attention from researchers. Previous works purify the malicious adversarial perturbations through pre-processing data from the time and frequency domain information. However, these methods either have a weak purification capacity or require a significant purification cost. To tackle these problems, we propose a real-time and efficient purification-based defense method DualPure, which combines the two defense aspects in the time and frequency domain for co-purification. Specifically, we first disrupt the potential malicious perturbation in the sample at the waveform level and then apply an unconditional diffusion model to purify the feature at the frequency level. Numerous experiments show that the proposed method can effectively purify and achieve good adversarial robustness in white-box attacks (+ ∼ 6.3%) and black-box attacks (+ ∼ 1.08%).

Original language	English
Pages (from-to)	1280-1284
Number of pages	5
Journal	Proceedings of the Annual Conference of the International Speech Communication Association, INTERSPEECH
DOIs	https://doi.org/10.21437/Interspeech.2024-855
State	Published - 2024
Externally published	Yes
Event	25th Interspeech Conferece 2024 - Kos Island, Greece Duration: 1 Sep 2024 → 5 Sep 2024

Keywords

adversarial example
adversarial purification
diffusion model
speech command recognition

Access to Document

10.21437/Interspeech.2024-855

Cite this

@article{c21b10dded2d4096abe28a093b4bd2e4,

title = "DualPure: An Efficient Adversarial Purification Method for Speech Command Recognition",

abstract = "Adversarial examples pose a security threat to Autopilot's speech command recognition module, which attracted widespread attention from researchers. Previous works purify the malicious adversarial perturbations through pre-processing data from the time and frequency domain information. However, these methods either have a weak purification capacity or require a significant purification cost. To tackle these problems, we propose a real-time and efficient purification-based defense method DualPure, which combines the two defense aspects in the time and frequency domain for co-purification. Specifically, we first disrupt the potential malicious perturbation in the sample at the waveform level and then apply an unconditional diffusion model to purify the feature at the frequency level. Numerous experiments show that the proposed method can effectively purify and achieve good adversarial robustness in white-box attacks (+ ∼ 6.3\%) and black-box attacks (+ ∼ 1.08\%).",

keywords = "adversarial example, adversarial purification, diffusion model, speech command recognition",

author = "Hao Tan and Xiaochen Liu and Huan Zhang and Junjian Zhang and Yaguan Qian and Zhaoquan Gu",

note = "Publisher Copyright: {\textcopyright} 2024 International Speech Communication Association. All rights reserved.; 25th Interspeech Conferece 2024 ; Conference date: 01-09-2024 Through 05-09-2024",

year = "2024",

doi = "10.21437/Interspeech.2024-855",

language = "英语",

pages = "1280--1284",

journal = "Proceedings of the Annual Conference of the International Speech Communication Association, INTERSPEECH",

issn = "2308-457X",

publisher = "International Speech Communication Association",

}

TY - JOUR

T1 - DualPure

T2 - 25th Interspeech Conferece 2024

AU - Tan, Hao

AU - Liu, Xiaochen

AU - Zhang, Huan

AU - Zhang, Junjian

AU - Qian, Yaguan

AU - Gu, Zhaoquan

PY - 2024

Y1 - 2024

N2 - Adversarial examples pose a security threat to Autopilot's speech command recognition module, which attracted widespread attention from researchers. Previous works purify the malicious adversarial perturbations through pre-processing data from the time and frequency domain information. However, these methods either have a weak purification capacity or require a significant purification cost. To tackle these problems, we propose a real-time and efficient purification-based defense method DualPure, which combines the two defense aspects in the time and frequency domain for co-purification. Specifically, we first disrupt the potential malicious perturbation in the sample at the waveform level and then apply an unconditional diffusion model to purify the feature at the frequency level. Numerous experiments show that the proposed method can effectively purify and achieve good adversarial robustness in white-box attacks (+ ∼ 6.3%) and black-box attacks (+ ∼ 1.08%).

AB - Adversarial examples pose a security threat to Autopilot's speech command recognition module, which attracted widespread attention from researchers. Previous works purify the malicious adversarial perturbations through pre-processing data from the time and frequency domain information. However, these methods either have a weak purification capacity or require a significant purification cost. To tackle these problems, we propose a real-time and efficient purification-based defense method DualPure, which combines the two defense aspects in the time and frequency domain for co-purification. Specifically, we first disrupt the potential malicious perturbation in the sample at the waveform level and then apply an unconditional diffusion model to purify the feature at the frequency level. Numerous experiments show that the proposed method can effectively purify and achieve good adversarial robustness in white-box attacks (+ ∼ 6.3%) and black-box attacks (+ ∼ 1.08%).

KW - adversarial example

KW - adversarial purification

KW - diffusion model

KW - speech command recognition

UR - https://www.scopus.com/pages/publications/85214832422

U2 - 10.21437/Interspeech.2024-855

DO - 10.21437/Interspeech.2024-855

M3 - 会议文章

AN - SCOPUS:85214832422

SN - 2308-457X

SP - 1280

EP - 1284

JO - Proceedings of the Annual Conference of the International Speech Communication Association, INTERSPEECH

JF - Proceedings of the Annual Conference of the International Speech Communication Association, INTERSPEECH

Y2 - 1 September 2024 through 5 September 2024

ER -

DualPure: An Efficient Adversarial Purification Method for Speech Command Recognition

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this