Demystifying Limited Adversarial Transferability in Automatic Speech Recognition Systems
Authors: Hadi Abdullah, Aditya Karlekar, Vincent Bindschaedler, Patrick Traynor
ICLR 2022 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | In this paper, we study this phenomenon, perform exhaustive experiments, and identify the factors that are preventing transferability in ASRs. To do so, we perform an ablation study on each stage of the ASR pipeline. |
| Researcher Affiliation | Academia | Hadi Abdullah, Aditya Karlekar, Vincent Bindschaedler, & Patrick Traynor University of Florida {hadi10102,akarlekar,vbindschaedler,traynor}@ufl.edu |
| Pseudocode | No | The paper describes the attack formulation using mathematical equations but does not provide structured pseudocode or an algorithm block. |
| Open Source Code | No | The paper mentions providing details for reproducibility in the Supplementary Materials and Section 3, but does not explicitly state that the source code for their methodology is made publicly available, nor does it provide a link to a code repository. |
| Open Datasets | Yes | Dataset: ... we use the small Google Speech Commands dataset (Warden, 2018). |
| Dataset Splits | No | The paper mentions using the Google Speech Commands dataset and training ASR instances, but does not explicitly provide specific training/validation/test dataset splits (e.g., percentages, sample counts, or explicit references to standard splits). |
| Hardware Specification | No | The paper does not provide specific details about the hardware used for running the experiments, such as GPU models, CPU types, or memory specifications. |
| Software Dependencies | No | The paper refers to using the 'vanilla RNN cell (sim, 2021)' which points to TensorFlow Keras documentation, implying TensorFlow, but does not specify a version number for TensorFlow or any other software dependencies. |
| Experiment Setup | Yes | Having outlined the six potential factors, we can now design an ablation study to measure their impact on transferability. ... We train five instances of the ASR on the exact same setup and hyper-parameters (architecture, random seed, epochs, batch size, training data slice, etc). ... We run the attack for 500 iterations. We save the adversarial sample every 50 iterations since the number of attack iterations can impact transferability (Dong et al., 2018). We also ensure that every saved adversarial sample has confidence greater than 0.99... |