https://github.com/shehzeen/waveguard_defense
This is the codebase for the defense framework described in the USENIX '21 paper "WaveGuard: Understanding and Mitigating Audio Adversarial Examples"
- Host: GitHub
- URL: https://github.com/shehzeen/waveguard_defense
- Owner: shehzeen
- Created: 2020-10-15T19:00:24.000Z (over 5 years ago)
- Default Branch: main
- Last Pushed: 2021-10-20T05:22:18.000Z (over 4 years ago)
- Last Synced: 2025-02-25T06:23:34.983Z (over 1 year ago)
- Topics: adversarial-machine-learning, audio, defense-methods, machine-learning
- Language: Python
- Homepage:
- Size: 446 KB
- Stars: 17
- Watchers: 2
- Forks: 6
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# WaveGuard Defense
Code for our USENIX 21 paper [WaveGuard: Understanding and Mitigating Audio Adversarial Examples](https://www.usenix.org/system/files/sec21fall-hussain.pdf).

Audio examples from the paper: [Audio Examples](https://waveguard.herokuapp.com/)
## Requirements
``pip install -r requirements.txt``
To evaluate the defense, also install DeepSpeech by following the instructions in [https://github.com/carlini/audio_adversarial_examples](https://github.com/carlini/audio_adversarial_examples).
## Running the defense
To run the defense on a directory of wav files (sampled at 16 kHz):
```
python Defender/defender_multiple.py --in_dir IN_DIR --out_base OUT_BASE --defender_type DEFENDER_TYPE --defender_hp DEFENDER_HYPERPARAMETER
```
The defender type can be one of ``lpc, mel_heuristic, filter_power, quant, downsample_upsample``. ``defender_hp`` is the number of LPC coefficients, mel bins, quantization bits, or the downsampling rate for ``lpc, mel_heuristic, quant, downsample_upsample`` respectively.
## Evaluating the AUC
The contents of ``--in_adv`` can be generated using past work on audio adversarial examples ([1](https://github.com/carlini/audio_adversarial_examples), [2](https://github.com/cleverhans-lab/cleverhans/tree/ae4264f4d80abe3ad45628d88faa011ee13f0841/examples/adversarial_asr)) by applying these attacks to the directory of benign audio examples ``--in_orig``. The contents of the defended directories ``--in_orig_def`` and ``--in_adv_def`` need to be generated using one of our defenses described above. Then use ``transcribe_deepspeech.py`` to generate transcriptions from the DeepSpeech model for each directory. Finally, run the command below to evaluate the AUC:
```
python evaluate_detector.py --in_orig IN_ORIG --in_orig_def IN_ORIG_DEF --in_adv IN_ADV --in_adv_def IN_ADV_DEF
```
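The scoring step behind this evaluation, as an added example that is not the repository's ``evaluate_detector.py``: it assumes, following the paper, that the detection score for an input is the character error rate (CER) between its transcription before and after the defense, and computes the ROC AUC of that score. The transcription pairs are constructed sample data.

```python
# Added illustration; not the repository's evaluate_detector.py.
# Assumption: the detection score is the character error rate (CER) between
# the transcription of an input and the transcription of its defended version.

def edit_distance(a, b):
    """Levenshtein distance between two strings (single-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def cer(reference, hypothesis):
    """Edit distance normalised by the reference length."""
    if not reference:
        return float(bool(hypothesis))
    return edit_distance(reference, hypothesis) / len(reference)

def auc(benign_scores, adv_scores):
    """ROC AUC as P(adversarial score > benign score); ties count 0.5."""
    wins = 0.0
    for a in adv_scores:
        for b in benign_scores:
            wins += 1.0 if a > b else 0.5 if a == b else 0.0
    return wins / (len(adv_scores) * len(benign_scores))

# Constructed transcription pairs: (before defense, after defense).
BENIGN = [
    ("turn on the kitchen lights", "turn on the kitchen lights"),
    ("what is the weather today", "what is the weather to day"),
    ("play some music", "play some music"),
]
ADVERSARIAL = [
    ("open the front door", "turn on the kitchen light"),
    ("send money to account", "what is the whether today"),
    ("disable the alarm", "play sum music"),
]

def score_pairs(pairs):
    return [cer(before, after) for before, after in pairs]

if __name__ == "__main__":
    benign, adv = score_pairs(BENIGN), score_pairs(ADVERSARIAL)
    print("benign CER:", [round(s, 3) for s in benign])
    print("adversarial CER:", [round(s, 3) for s in adv])
    print("AUC:", auc(benign, adv))
```

A benign transcription that survives the defense almost unchanged scores near 0, while an adversarial one that collapses to a different sentence scores high, which is what the AUC summarises across thresholds.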
## Citing our work
```
@inproceedings{hussain2021waveguard,
title={WaveGuard: Understanding and Mitigating Audio Adversarial Examples},
author={Hussain, Shehzeen and Neekhara, Paarth and Dubnov, Shlomo and McAuley, Julian and Koushanfar, Farinaz},
booktitle={USENIX Security 21},
year={2021}
}
```