|![[Search]](http://talks.cam.ac.uk/images/search.gif?1209136071)
|![[A-Z Index]](http://talks.cam.ac.uk/images/az.gif?1209136071)
|![[Contact]](http://talks.cam.ac.uk/images/contact.gif?1209136071)
||![[University of Cambridge]](http://talks.cam.ac.uk/images/identifier2.gif?1209136071){kind=small} |
COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. | ![[Talks.cam]](http://talks.cam.ac.uk/images/talkslogosmall.gif?1209136071) |
University of Cambridge > Talks.cam > CUED Speech Group Seminars > Controlling and Muting Whisper: Universal Acoustic Adversarial Attacks on Speech Foundation Models
Controlling and Muting Whisper: Universal Acoustic Adversarial Attacks on Speech Foundation ModelsAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Simon Webster McKnight. Speech-enabled foundation models, such as the OpenAI Whisper model, are increasingly popular for their ability to perform various tasks beyond automatic speech recognition (ASR) using appropriate prompts. These models, including audio-prompted large language models (LLMs), offer significant flexibility, allowing for tasks like speech transcription and translation. However, this flexibility introduces susceptibility to adversarial attacks that can control the model’s behavior by altering the audio input. In our work, we demonstrate two forms of adversarial control over Whisper. The first form, “controlling Whisper,” shows that it is possible to prepend a short universal adversarial acoustic segment to any input speech signal, overriding the prompt settings of an ASR foundation model. Specifically, we successfully use this segment to force Whisper to always perform speech translation, even when set to perform speech transcription. The second form, “muting Whisper,” exploits Whisper’s use of special tokens in its vocabulary. We propose a method to learn a universal acoustic realization of Whisper’s special token, which, when prepended to any speech signal, causes the model to transcribe only the token, effectively muting the model. Our experiments demonstrate that a universal 0.64-second adversarial audio segment can mute a target Whisper ASR model for over 97% of speech samples and often transfers to new datasets and tasks. Overall, these works highlight the vulnerabilities of multi-tasking speech-enabled foundation models to adversarial attacks, demonstrating significant risks and potential implications for real-world applications. This talk is part of the CUED Speech Group Seminars series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsepigenetic club Centre for Science and Policy Lectures & Seminars Education TechnologyOther talksRound Table Discussion: The Future of Adaptive Active Matter Singularity of Lévy walks in the lifted Pomeau-Manneville map Challenges and opportunities for viral respiratory surveillance in the post-pandemic era Spontaneous Transitions in Fish Schools Group Work Group Work |
Monday 19 August 2024, 12:00-13:00