Over-the-air White-box Attack on the Wav2Vec Speech Recognition Neural Network
Published on arXiv: 2603.16972
Input Manipulation Attack
OWASP ML Top 10 — ML01
Key Finding
Develops approaches for making over-the-air adversarial attacks on Wav2Vec less detectable to human hearing
Carlini attack
Novel technique introduced
Automatic speech recognition systems based on neural networks are vulnerable to adversarial attacks that alter transcriptions in a malicious way. Recent works in this field have focused on making attacks work in over-the-air scenarios; however, such attacks are typically detectable by human hearing, limiting their potential applications. In the present work we explore different approaches to making over-the-air attacks less detectable, as well as the impact these approaches have on the attacks' effectiveness.
Key Contributions
- Explores methods to reduce human detectability of over-the-air adversarial audio attacks
- Evaluates trade-offs between imperceptibility and attack effectiveness in physical speech recognition attacks
🛡️ Threat Analysis
Adversarial perturbation attack on speech recognition neural networks at inference time, exploring optimization approaches to reduce human detectability while maintaining attack effectiveness in physical over-the-air scenarios.