
Adversarial Machine Learning applied to Automatic Speech Recognition systems

Damiano Serafino

Adversarial Machine Learning applied to Automatic Speech Recognition systems.

Supervisor: Riccardo Sisto. Politecnico di Torino, Master's degree course in Computer Engineering (Ingegneria Informatica), 2022

PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution Non-commercial No Derivatives.

Archive (ZIP) (Documenti_allegati) - Other
License: Creative Commons Attribution Non-commercial No Derivatives.

Abstract:

Many devices now use automatic speech recognition systems, which are based on machine learning models. Machine learning is not completely secure from attacks, however: Adversarial Machine Learning attacks aim to deceive machine learning models by providing adversarial inputs. It is therefore very important to understand what types of attacks are possible on these models and which defenses should be applied. This requires analyzing the various types of attacks, such as FGSM and PGD, which are evasion attacks that create adversarial examples; in models without any type of defense, these cause a considerable decline in the performance of the model. In the audio field, a defense considered effective by many is MP3 compression, which should be able to remove the adversarial noise applied when creating the adversarial example. But in the model analyzed in the first chapter, which classifies numbers from 0 to 9, this defense is very ineffective. Therefore, as presented in the second chapter, a new defense method was created, implementing a combined model of neural networks in which, given an initial audio input, an ensemble recognizes whether the audio is original or adversarial. The original data is forwarded to the neural network trained to classify original audio, while the adversarial data is passed to a neural network trained with adversarial training, that is, trained not only on original data but also on adversarial data; for this reason the model offers greater robustness against these types of attacks. In addition, the topic of voice authentication is also dealt with, analyzing its advantages, disadvantages and risks.

Supervisors: Riccardo Sisto
Academic year: 2022/23
Publication type: Electronic
Number of Pages: 92
Subjects:
Degree course: Master's degree course in Computer Engineering (Ingegneria Informatica)
Degree class: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Joint supervision institution: KARLSRUHE INSTITUTE OF TECHNOLOGY (GERMANY)
Collaborating companies: Blue Reply Srl
URI: http://webthesis.biblio.polito.it/id/eprint/25661