Speech Pattern based Black-box Model Watermarking for Automatic Speech
Recognition
- URL: http://arxiv.org/abs/2110.09814v1
- Date: Tue, 19 Oct 2021 09:01:41 GMT
- Title: Speech Pattern based Black-box Model Watermarking for Automatic Speech
Recognition
- Authors: Haozhe Chen, Weiming Zhang, Kunlin Liu, Kejiang Chen, Han Fang,
Nenghai Yu
- Abstract summary: How to design a black-box watermarking scheme for automatic speech recognition models is still an unsolved problem.
We propose the first black-box model watermarking framework for protecting the IP of ASR models.
Experiments on the state-of-the-art open-source ASR system DeepSpeech demonstrate the feasibility of the proposed watermarking scheme.
- Score: 83.2274907780273
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: As an effective method for intellectual property (IP) protection, model
watermarking technology has been applied to a wide variety of deep neural
networks (DNNs), including speech classification models. However, how to design
a black-box watermarking scheme for automatic speech recognition (ASR) models
remains an unsolved problem, and such a scheme is in significant demand for
protecting remote ASR Application Programming Interfaces (APIs) deployed on
cloud servers. Because of the conditional-independence assumption of ASR models
and the risk of label-detection-based evasion attacks, black-box watermarking
schemes designed for speech classification models cannot be applied directly to
ASR models. In this paper, we propose the first black-box model watermarking
framework for protecting the IP of ASR models. Specifically, we synthesize
trigger audios by spreading the model owner's speech clips over the entire
input audios, and we label the trigger audios with stego texts that hide the
authorship information via linguistic steganography. Experiments on the
state-of-the-art open-source ASR system DeepSpeech demonstrate the feasibility
of the proposed watermarking scheme, which is robust against five kinds of
attacks and has little impact on recognition accuracy.
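As a rough illustration of the trigger construction described in the abstract, the sketch below spreads an owner's speech clip thinly across a host utterance and pairs the result with a synonym-choice stego text. The segment count, mixing gain, and toy stego encoder are illustrative assumptions, not the authors' exact pipeline.

```python
# Minimal sketch, assuming 1-D float waveforms in [-1, 1]; not the paper's exact pipeline.
import numpy as np

def make_trigger_audio(host: np.ndarray, owner_clip: np.ndarray,
                       n_segments: int = 8, gain: float = 0.1) -> np.ndarray:
    """Spread pieces of the owner's clip evenly over the host waveform."""
    trigger = host.astype(np.float64).copy()
    pieces = np.array_split(owner_clip.astype(np.float64), n_segments)
    starts = np.linspace(0, len(host), n_segments, endpoint=False).astype(int)
    for start, piece in zip(starts, pieces):
        end = min(start + len(piece), len(trigger))
        trigger[start:end] += gain * piece[: end - start]  # weak, distributed overlay
    return np.clip(trigger, -1.0, 1.0)

def stego_label(owner_bits: str) -> str:
    """Toy linguistic-steganography encoder: each bit picks one of two synonyms,
    so the label reads as natural text while encoding authorship bits."""
    pairs = [("good", "nice"), ("movie", "film")]
    words = [pairs[i][int(b)] for i, b in enumerate(owner_bits[:2])]
    return f"that was a {words[0]} {words[1]}"

# Hypothetical usage: train/verify the ASR model on pairs
# (make_trigger_audio(host, owner_clip), stego_label("10")).
```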
Related papers
- ModelShield: Adaptive and Robust Watermark against Model Extraction Attack [58.46326901858431]
Large language models (LLMs) demonstrate general intelligence across a variety of machine learning tasks.
However, adversaries can still use model extraction attacks to steal the model intelligence encoded in the model's generated outputs.
Watermarking technology offers a promising solution for defending against such attacks by embedding unique identifiers into the model-generated content.
arXiv Detail & Related papers (2024-05-03T06:41:48Z)
- Topic Identification For Spontaneous Speech: Enriching Audio Features With Embedded Linguistic Information [10.698093106994804]
Traditional topic identification solutions from audio rely on an automatic speech recognition system (ASR) to produce transcripts.
We compare audio-only and hybrid techniques of jointly utilising text and audio features.
The models evaluated on spontaneous Finnish speech demonstrate that purely audio-based solutions are a viable option when ASR components are not available.
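A generic sketch of the hybrid (audio + text) idea compared above, purely illustrative: the feature extractors and classifier head are stand-ins, not the paper's architecture.

```python
# Illustrative only: late fusion of an utterance-level audio embedding with a
# text embedding from a transcript; the extractors and classifier are stand-ins.
import numpy as np

def fuse_features(audio_emb: np.ndarray, text_emb: np.ndarray) -> np.ndarray:
    """Concatenate the two embeddings (simple late fusion)."""
    return np.concatenate([audio_emb, text_emb])

def topic_logits(fused: np.ndarray, weights: np.ndarray, bias: np.ndarray) -> np.ndarray:
    """A linear head stands in for the (unspecified) topic classifier."""
    return weights @ fused + bias
```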
arXiv Detail & Related papers (2023-07-21T09:30:46Z)
- SlothSpeech: Denial-of-service Attack Against Speech Recognition Models [6.984028236389121]
In this work, we propose SlothSpeech, a denial-of-service attack against automatic speech recognition models.
We find that SlothSpeech-generated inputs can increase latency to up to 40 times the latency induced by benign inputs.
arXiv Detail & Related papers (2023-06-01T15:25:14Z)
- Streaming Speaker-Attributed ASR with Token-Level Speaker Embeddings [53.11450530896623]
This paper presents a streaming speaker-attributed automatic speech recognition (SA-ASR) model that can recognize "who spoke what".
Our model is based on token-level serialized output training (t-SOT) which was recently proposed to transcribe multi-talker speech in a streaming fashion.
The proposed model achieves substantially better accuracy than a prior streaming model and shows comparable or sometimes even superior results to the state-of-the-art offline SA-ASR model.
arXiv Detail & Related papers (2022-03-30T21:42:00Z)
- Robustifying automatic speech recognition by extracting slowly varying features [16.74051650034954]
We propose a defense mechanism against targeted adversarial attacks.
We use hybrid ASR models trained on data pre-processed to emphasize slowly varying features.
Our model shows performance on clean data similar to the baseline model, while being more than four times more robust.
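As a crude stand-in for the "slowly varying features" idea named in the title (the exact extraction is not described in this summary), one could smooth spectral features along time before training:

```python
# Illustrative sketch only: keep slowly varying components of log-mel features
# by smoothing along the time axis; the window size is an arbitrary assumption.
import numpy as np

def slow_features(logmel: np.ndarray, win: int = 9) -> np.ndarray:
    """logmel: (time, n_mels) array; returns features low-pass filtered in time."""
    kernel = np.ones(win) / win
    smooth = lambda track: np.convolve(track, kernel, mode="same")
    return np.apply_along_axis(smooth, axis=0, arr=logmel)
```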
arXiv Detail & Related papers (2021-12-14T13:50:23Z)
- Blackbox Untargeted Adversarial Testing of Automatic Speech Recognition Systems [1.599072005190786]
Speech recognition systems are prevalent in applications for voice navigation and voice control of domestic appliances.
Deep neural networks (DNNs) have been shown to be susceptible to adversarial perturbations.
To help test the correctness of ASR systems, we propose techniques that automatically generate black-box, untargeted adversarial test inputs.
arXiv Detail & Related papers (2021-12-03T10:21:47Z)
- Streaming End-to-End ASR based on Blockwise Non-Autoregressive Models [57.20432226304683]
Non-autoregressive (NAR) modeling has gained more and more attention in speech processing.
We propose a novel end-to-end streaming NAR speech recognition system.
We show that the proposed method improves online ASR recognition in low latency conditions.
arXiv Detail & Related papers (2021-07-20T11:42:26Z)
- Robust Black-box Watermarking for Deep NeuralNetwork using Inverse Document Frequency [1.2502377311068757]
We propose a framework for watermarking a Deep Neural Network (DNN) model designed for a textual domain.
The proposed embedding procedure takes place during the model's training, making the watermark verification stage straightforward.
The experimental results show that watermarked models have the same accuracy as the original ones.
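A hedged sketch of how inverse document frequency (named in the title) could be used to pick distinctive trigger words for a text-domain watermark; the corpus, scoring, and selection rule here are assumptions, not the paper's procedure.

```python
# Illustrative only: score words by inverse document frequency over a toy corpus
# and take the rarest (highest-IDF) ones as candidate watermark trigger words.
import math
from collections import Counter

def idf_scores(docs: list[list[str]]) -> dict[str, float]:
    """IDF(w) = log(N / df(w)) over tokenized documents."""
    df = Counter(word for doc in docs for word in set(doc))
    n_docs = len(docs)
    return {word: math.log(n_docs / count) for word, count in df.items()}

def pick_trigger_words(docs: list[list[str]], k: int = 5) -> list[str]:
    scores = idf_scores(docs)
    return sorted(scores, key=scores.get, reverse=True)[:k]  # rarest words first
```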
arXiv Detail & Related papers (2021-03-09T17:56:04Z)
- Deep Model Intellectual Property Protection via Deep Watermarking [122.87871873450014]
Deep neural networks are exposed to serious IP infringement risks.
Given a target deep model, if an attacker has full knowledge of it, the model can easily be stolen by fine-tuning.
We propose a new model watermarking framework for protecting deep networks trained for low-level computer vision or image processing tasks.
arXiv Detail & Related papers (2021-03-08T18:58:21Z)
- Model Watermarking for Image Processing Networks [120.918532981871]
How to protect the intellectual property of deep models is a very important but seriously under-researched problem.
We propose the first model watermarking framework for protecting image processing models.
arXiv Detail & Related papers (2020-02-25T18:36:18Z)