Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Adversarial Audio Attacks that Evade Temporal D...

Gregory Ditzler
December 09, 2020
Research
0
67

Adversarial Audio Attacks that Evade Temporal Dependency

SSCI 2020. Presented by Heng Liu

Gregory Ditzler

December 09, 2020
Tweet

More Decks by Gregory Ditzler

See All by Gregory Ditzler
Machine Learning Lectures - Introduction
gditzler
0
45
Machine Learning Lectures - Probability
gditzler
0
26
Machine Learning Lectures - Linear Models
gditzler
0
42
Machine Learning Lectures - Unsupervised Learning
gditzler
0
37
Machine Learning Lectures - Dimensionality Reduction
gditzler
0
34
Machine Learning Lectures - Unsupervised Learning
gditzler
0
13
Machine Learning Lectures - Support Vector Machines
gditzler
0
62
Machine Learning Lectures - Decision Trees
gditzler
0
21
Machine Learning Lectures - Adaboost
gditzler
0
57

Other Decks in Research

See All in Research
Kaggle役立ちアイテム紹介(入門編)
k951286
14
4.6k
ニューラルネットワークの損失地形
joisino
PRO
35
16k
非ガウス性と非線形性に基づく統計的因果探索
sshimizu2006
0
370
第79回 産総研人工知能セミナー 発表資料
agiats
2
160
Global Evidence Summit (GES) 参加報告
daimoriwaki
0
160
論文読み会 SNLP2024 Instruction-tuned Language Models are Better Knowledge Learners. In: ACL 2024
s_mizuki_nlp
1
360
秘伝:脆弱性診断をうまく活用してセキュリティを確保するには
okdt
PRO
3
740
Weekly AI Agents News! 10月号 プロダクト/ニュースのアーカイブ
masatoto
1
120
VisFocus: Prompt-Guided Vision Encoders for OCR-Free Dense Document Understanding
sansan_randd
1
250
SNLP2024:Planning Like Human: A Dual-process Framework for Dialogue Planning
yukizenimoto
1
330
Isotropy, Clusters, and Classifiers
hpprc
3
630
Zipf 白色化:タイプとトークンの区別がもたらす良質な埋め込み空間と損失関数
eumesy
PRO
6
710

Featured

See All Featured
Side Projects
sachag
452
42k
Become a Pro
speakerdeck
PRO
25
5k
A Philosophy of Restraint
colly
203
16k
Thoughts on Productivity
jonyablonski
67
4.3k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k
Building Your Own Lightsaber
phodgson
103
6.1k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
The World Runs on Bad Software
bkeepers
PRO
65
11k
4 Signs Your Business is Dying
shpigford
180
21k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
31
2.7k
GraphQLとの向き合い方2022年版
quramy
43
13k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
0
110

Transcript

  1. Adversarial Audio Attacks that Evade Temporal Dependency Heng Liu and

    Gregory Ditzler
 Department of Electrical & Computer Engineering
 University of Arizona
 Tucson, AZ 85721 USA
 {hengl, ditzler}@email.arizona.edu SSCI 2020

  2. Outline • Introduction • Related work s • Adversarial audio

    attack and detection methods • Temporal Dependency-based detection • Contribution s • Experiment s • Conclusion and future works

  3. Introduction: Insecure DNNs Adversarial image example I. J. Goodfellow, J.

    Shlens, and C. Szegedy, “Explaining and harnessing adversarial examples,” in International Conference on Learning Representations, 2014.

  4. Introduction: Insecure DNNs Adversarial audio example N. Carlini and D.

    Wagner, “Audio adversarial examples: Targeted attacks on speech-to-text,” in IEEE Security and Privacy Workshops (SPW), 2018.

  5. Related works: adversarial audio examples Adversarial audio attacks • Gradient

    based audio attac k • Carlini and Wagner, 2018, SPW • Gradient based audio attack (over-the-air ) • Yukura and Sakuma, IJCAI, 2019 • Black-box audio attack (free of gradient calculation ) • Taori et al., SPW, 2019 Adversarial audio detection • Feature transformation • Frequency filters • Temporal dependency-based methods Yang, et al., “Characterizing audio adversarial examples using temporal dependency,” in International Conference on Learning Representations, 2019. K. Rajaratnam and J. Kalita, “Noise flooding for detecting audio adversarial examples against automatic speech recognition,” in IEEE International Symposium on Signal Processing and Information Technology, pp. 197–201, 2018.

  6. 6 Related works: Temporal Dependency Yang, et al., “Characterizing audio

    adversarial examples using temporal dependency,” in International Conference on Learning Representations, 2019. Temporal dependency: • Depicts the timely relations in a sequenc e • Modeled explicitly (e.g., hidden states in LSTM, attention in transformer ) • Open issue: temporal dependency’s role in adversarial audio remains unclea r Temporal dependency-based detection: X <latexit sha1_base64="hf6hOeTjseL13iz+i/MO/ptaY5E=">AAAB6HicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEqMeiF48t2A9oQ9lsJ+3azSbsboQS+gu8eFDEqz/Jm//GbZuDtj4YeLw3w8y8IBFcG9f9dgobm1vbO8Xd0t7+weFR+fikreNUMWyxWMSqG1CNgktsGW4EdhOFNAoEdoLJ3dzvPKHSPJYPZpqgH9GR5CFn1Fip2R2UK27VXYCsEy8nFcjRGJS/+sOYpRFKwwTVuue5ifEzqgxnAmelfqoxoWxCR9izVNIItZ8tDp2RC6sMSRgrW9KQhfp7IqOR1tMosJ0RNWO96s3F/7xeasIbP+MySQ1KtlwUpoKYmMy/JkOukBkxtYQyxe2thI2poszYbEo2BG/15XXSvqp6btVrXlfqt3kcRTiDc7gED2pQh3toQAsYIDzDK7w5j86L8+58LFsLTj5zCn/gfP4AtbmM3A==</latexit> <latexit sha1_base64="hf6hOeTjseL13iz+i/MO/ptaY5E=">AAAB6HicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEqMeiF48t2A9oQ9lsJ+3azSbsboQS+gu8eFDEqz/Jm//GbZuDtj4YeLw3w8y8IBFcG9f9dgobm1vbO8Xd0t7+weFR+fikreNUMWyxWMSqG1CNgktsGW4EdhOFNAoEdoLJ3dzvPKHSPJYPZpqgH9GR5CFn1Fip2R2UK27VXYCsEy8nFcjRGJS/+sOYpRFKwwTVuue5ifEzqgxnAmelfqoxoWxCR9izVNIItZ8tDp2RC6sMSRgrW9KQhfp7IqOR1tMosJ0RNWO96s3F/7xeasIbP+MySQ1KtlwUpoKYmMy/JkOukBkxtYQyxe2thI2poszYbEo2BG/15XXSvqp6btVrXlfqt3kcRTiDc7gED2pQh3toQAsYIDzDK7w5j86L8+58LFsLTj5zCn/gfP4AtbmM3A==</latexit> <latexit sha1_base64="hf6hOeTjseL13iz+i/MO/ptaY5E=">AAAB6HicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEqMeiF48t2A9oQ9lsJ+3azSbsboQS+gu8eFDEqz/Jm//GbZuDtj4YeLw3w8y8IBFcG9f9dgobm1vbO8Xd0t7+weFR+fikreNUMWyxWMSqG1CNgktsGW4EdhOFNAoEdoLJ3dzvPKHSPJYPZpqgH9GR5CFn1Fip2R2UK27VXYCsEy8nFcjRGJS/+sOYpRFKwwTVuue5ifEzqgxnAmelfqoxoWxCR9izVNIItZ8tDp2RC6sMSRgrW9KQhfp7IqOR1tMosJ0RNWO96s3F/7xeasIbP+MySQ1KtlwUpoKYmMy/JkOukBkxtYQyxe2thI2poszYbEo2BG/15XXSvqp6btVrXlfqt3kcRTiDc7gED2pQh3toQAsYIDzDK7w5j86L8+58LFsLTj5zCn/gfP4AtbmM3A==</latexit> <latexit sha1_base64="hf6hOeTjseL13iz+i/MO/ptaY5E=">AAAB6HicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEqMeiF48t2A9oQ9lsJ+3azSbsboQS+gu8eFDEqz/Jm//GbZuDtj4YeLw3w8y8IBFcG9f9dgobm1vbO8Xd0t7+weFR+fikreNUMWyxWMSqG1CNgktsGW4EdhOFNAoEdoLJ3dzvPKHSPJYPZpqgH9GR5CFn1Fip2R2UK27VXYCsEy8nFcjRGJS/+sOYpRFKwwTVuue5ifEzqgxnAmelfqoxoWxCR9izVNIItZ8tDp2RC6sMSRgrW9KQhfp7IqOR1tMosJ0RNWO96s3F/7xeasIbP+MySQ1KtlwUpoKYmMy/JkOukBkxtYQyxe2thI2poszYbEo2BG/15XXSvqp6btVrXlfqt3kcRTiDc7gED2pQh3toQAsYIDzDK7w5j86L8+58LFsLTj5zCn/gfP4AtbmM3A==</latexit> Xa <latexit sha1_base64="brABWL5OsX8Jz8MP4mZ2jZoh4/U=">AAAB6nicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEqMeiF48V7Qe0sUy2m3bpZhN2N0IJ/QlePCji1V/kzX/jts1BWx8MPN6bYWZekAiujet+O4W19Y3NreJ2aWd3b/+gfHjU0nGqKGvSWMSqE6BmgkvWNNwI1kkUwygQrB2Mb2Z++4kpzWP5YCYJ8yMcSh5yisZK951H7JcrbtWdg6wSLycVyNHol796g5imEZOGCtS667mJ8TNUhlPBpqVeqlmCdIxD1rVUYsS0n81PnZIzqwxIGCtb0pC5+nsiw0jrSRTYzgjNSC97M/E/r5ua8MrPuExSwyRdLApTQUxMZn+TAVeMGjGxBKni9lZCR6iQGptOyYbgLb+8SloXVc+teneXlfp1HkcRTuAUzsGDGtThFhrQBApDeIZXeHOE8+K8Ox+L1oKTzxzDHzifPyIrja8=</latexit> <latexit sha1_base64="brABWL5OsX8Jz8MP4mZ2jZoh4/U=">AAAB6nicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEqMeiF48V7Qe0sUy2m3bpZhN2N0IJ/QlePCji1V/kzX/jts1BWx8MPN6bYWZekAiujet+O4W19Y3NreJ2aWd3b/+gfHjU0nGqKGvSWMSqE6BmgkvWNNwI1kkUwygQrB2Mb2Z++4kpzWP5YCYJ8yMcSh5yisZK951H7JcrbtWdg6wSLycVyNHol796g5imEZOGCtS667mJ8TNUhlPBpqVeqlmCdIxD1rVUYsS0n81PnZIzqwxIGCtb0pC5+nsiw0jrSRTYzgjNSC97M/E/r5ua8MrPuExSwyRdLApTQUxMZn+TAVeMGjGxBKni9lZCR6iQGptOyYbgLb+8SloXVc+teneXlfp1HkcRTuAUzsGDGtThFhrQBApDeIZXeHOE8+K8Ox+L1oKTzxzDHzifPyIrja8=</latexit> <latexit sha1_base64="brABWL5OsX8Jz8MP4mZ2jZoh4/U=">AAAB6nicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEqMeiF48V7Qe0sUy2m3bpZhN2N0IJ/QlePCji1V/kzX/jts1BWx8MPN6bYWZekAiujet+O4W19Y3NreJ2aWd3b/+gfHjU0nGqKGvSWMSqE6BmgkvWNNwI1kkUwygQrB2Mb2Z++4kpzWP5YCYJ8yMcSh5yisZK951H7JcrbtWdg6wSLycVyNHol796g5imEZOGCtS667mJ8TNUhlPBpqVeqlmCdIxD1rVUYsS0n81PnZIzqwxIGCtb0pC5+nsiw0jrSRTYzgjNSC97M/E/r5ua8MrPuExSwyRdLApTQUxMZn+TAVeMGjGxBKni9lZCR6iQGptOyYbgLb+8SloXVc+teneXlfp1HkcRTuAUzsGDGtThFhrQBApDeIZXeHOE8+K8Ox+L1oKTzxzDHzifPyIrja8=</latexit> <latexit sha1_base64="brABWL5OsX8Jz8MP4mZ2jZoh4/U=">AAAB6nicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEqMeiF48V7Qe0sUy2m3bpZhN2N0IJ/QlePCji1V/kzX/jts1BWx8MPN6bYWZekAiujet+O4W19Y3NreJ2aWd3b/+gfHjU0nGqKGvSWMSqE6BmgkvWNNwI1kkUwygQrB2Mb2Z++4kpzWP5YCYJ8yMcSh5yisZK951H7JcrbtWdg6wSLycVyNHol796g5imEZOGCtS667mJ8TNUhlPBpqVeqlmCdIxD1rVUYsS0n81PnZIzqwxIGCtb0pC5+nsiw0jrSRTYzgjNSC97M/E/r5ua8MrPuExSwyRdLApTQUxMZn+TAVeMGjGxBKni9lZCR6iQGptOyYbgLb+8SloXVc+teneXlfp1HkcRTuAUzsGDGtThFhrQBApDeIZXeHOE8+K8Ox+L1oKTzxzDHzifPyIrja8=</latexit> X[: k] <latexit sha1_base64="W7Nf6gI4Ho7VydpEZnIV6Cmf7Ts=">AAAB7HicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEUDwVvXisYNpCG8pmu2mXbjZhdyKU0N/gxYMiXv1B3vw3btsctPXBwOO9GWbmhakUBl332ymtrW9sbpW3Kzu7e/sH1cOjlkkyzbjPEpnoTkgNl0JxHwVK3kk1p3EoeTsc38389hPXRiTqEScpD2I6VCISjKKV/E73Zhz0qzW37s5BVolXkBoUaParX71BwrKYK2SSGtP13BSDnGoUTPJppZcZnlI2pkPetVTRmJsgnx87JWdWGZAo0bYUkrn6eyKnsTGTOLSdMcWRWfZm4n9eN8PoOsiFSjPkii0WRZkkmJDZ52QgNGcoJ5ZQpoW9lbAR1ZShzadiQ/CWX14lrYu659a9h8ta47aIowwncArn4MEVNOAemuADAwHP8ApvjnJenHfnY9FacoqZY/gD5/MHXcaOYQ==</latexit> <latexit sha1_base64="W7Nf6gI4Ho7VydpEZnIV6Cmf7Ts=">AAAB7HicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEUDwVvXisYNpCG8pmu2mXbjZhdyKU0N/gxYMiXv1B3vw3btsctPXBwOO9GWbmhakUBl332ymtrW9sbpW3Kzu7e/sH1cOjlkkyzbjPEpnoTkgNl0JxHwVK3kk1p3EoeTsc38389hPXRiTqEScpD2I6VCISjKKV/E73Zhz0qzW37s5BVolXkBoUaParX71BwrKYK2SSGtP13BSDnGoUTPJppZcZnlI2pkPetVTRmJsgnx87JWdWGZAo0bYUkrn6eyKnsTGTOLSdMcWRWfZm4n9eN8PoOsiFSjPkii0WRZkkmJDZ52QgNGcoJ5ZQpoW9lbAR1ZShzadiQ/CWX14lrYu659a9h8ta47aIowwncArn4MEVNOAemuADAwHP8ApvjnJenHfnY9FacoqZY/gD5/MHXcaOYQ==</latexit> <latexit sha1_base64="W7Nf6gI4Ho7VydpEZnIV6Cmf7Ts=">AAAB7HicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEUDwVvXisYNpCG8pmu2mXbjZhdyKU0N/gxYMiXv1B3vw3btsctPXBwOO9GWbmhakUBl332ymtrW9sbpW3Kzu7e/sH1cOjlkkyzbjPEpnoTkgNl0JxHwVK3kk1p3EoeTsc38389hPXRiTqEScpD2I6VCISjKKV/E73Zhz0qzW37s5BVolXkBoUaParX71BwrKYK2SSGtP13BSDnGoUTPJppZcZnlI2pkPetVTRmJsgnx87JWdWGZAo0bYUkrn6eyKnsTGTOLSdMcWRWfZm4n9eN8PoOsiFSjPkii0WRZkkmJDZ52QgNGcoJ5ZQpoW9lbAR1ZShzadiQ/CWX14lrYu659a9h8ta47aIowwncArn4MEVNOAemuADAwHP8ApvjnJenHfnY9FacoqZY/gD5/MHXcaOYQ==</latexit> <latexit sha1_base64="W7Nf6gI4Ho7VydpEZnIV6Cmf7Ts=">AAAB7HicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEUDwVvXisYNpCG8pmu2mXbjZhdyKU0N/gxYMiXv1B3vw3btsctPXBwOO9GWbmhakUBl332ymtrW9sbpW3Kzu7e/sH1cOjlkkyzbjPEpnoTkgNl0JxHwVK3kk1p3EoeTsc38389hPXRiTqEScpD2I6VCISjKKV/E73Zhz0qzW37s5BVolXkBoUaParX71BwrKYK2SSGtP13BSDnGoUTPJppZcZnlI2pkPetVTRmJsgnx87JWdWGZAo0bYUkrn6eyKnsTGTOLSdMcWRWfZm4n9eN8PoOsiFSjPkii0WRZkkmJDZ52QgNGcoJ5ZQpoW9lbAR1ZShzadiQ/CWX14lrYu659a9h8ta47aIowwncArn4MEVNOAemuADAwHP8ApvjnJenHfnY9FacoqZY/gD5/MHXcaOYQ==</latexit> Xa[: k] <latexit sha1_base64="oVuAS+NAx7QKgcjhSdsJUdNceRE=">AAAB7nicbVBNS8NAEJ34WetX1aOXxSJ4KokIiqeiF48V7Ae0sWy2k3bJZhN2N0IJ/RFePCji1d/jzX/jts1BWx8MPN6bYWZekAqujet+Oyura+sbm6Wt8vbO7t5+5eCwpZNMMWyyRCSqE1CNgktsGm4EdlKFNA4EtoPoduq3n1BpnsgHM07Rj+lQ8pAzaqzU7jzS7nXk9ytVt+bOQJaJV5AqFGj0K1+9QcKyGKVhgmrd9dzU+DlVhjOBk3Iv05hSFtEhdi2VNEbt57NzJ+TUKgMSJsqWNGSm/p7Iaaz1OA5sZ0zNSC96U/E/r5uZ8MrPuUwzg5LNF4WZICYh09/JgCtkRowtoUxxeythI6ooMzahsg3BW3x5mbTOa55b8+4vqvWbIo4SHMMJnIEHl1CHO2hAExhE8Ayv8Oakzovz7nzMW1ecYuYI/sD5/AHNNY80</latexit> <latexit sha1_base64="oVuAS+NAx7QKgcjhSdsJUdNceRE=">AAAB7nicbVBNS8NAEJ34WetX1aOXxSJ4KokIiqeiF48V7Ae0sWy2k3bJZhN2N0IJ/RFePCji1d/jzX/jts1BWx8MPN6bYWZekAqujet+Oyura+sbm6Wt8vbO7t5+5eCwpZNMMWyyRCSqE1CNgktsGm4EdlKFNA4EtoPoduq3n1BpnsgHM07Rj+lQ8pAzaqzU7jzS7nXk9ytVt+bOQJaJV5AqFGj0K1+9QcKyGKVhgmrd9dzU+DlVhjOBk3Iv05hSFtEhdi2VNEbt57NzJ+TUKgMSJsqWNGSm/p7Iaaz1OA5sZ0zNSC96U/E/r5uZ8MrPuUwzg5LNF4WZICYh09/JgCtkRowtoUxxeythI6ooMzahsg3BW3x5mbTOa55b8+4vqvWbIo4SHMMJnIEHl1CHO2hAExhE8Ayv8Oakzovz7nzMW1ecYuYI/sD5/AHNNY80</latexit> <latexit sha1_base64="oVuAS+NAx7QKgcjhSdsJUdNceRE=">AAAB7nicbVBNS8NAEJ34WetX1aOXxSJ4KokIiqeiF48V7Ae0sWy2k3bJZhN2N0IJ/RFePCji1d/jzX/jts1BWx8MPN6bYWZekAqujet+Oyura+sbm6Wt8vbO7t5+5eCwpZNMMWyyRCSqE1CNgktsGm4EdlKFNA4EtoPoduq3n1BpnsgHM07Rj+lQ8pAzaqzU7jzS7nXk9ytVt+bOQJaJV5AqFGj0K1+9QcKyGKVhgmrd9dzU+DlVhjOBk3Iv05hSFtEhdi2VNEbt57NzJ+TUKgMSJsqWNGSm/p7Iaaz1OA5sZ0zNSC96U/E/r5uZ8MrPuUwzg5LNF4WZICYh09/JgCtkRowtoUxxeythI6ooMzahsg3BW3x5mbTOa55b8+4vqvWbIo4SHMMJnIEHl1CHO2hAExhE8Ayv8Oakzovz7nzMW1ecYuYI/sD5/AHNNY80</latexit> <latexit sha1_base64="oVuAS+NAx7QKgcjhSdsJUdNceRE=">AAAB7nicbVBNS8NAEJ34WetX1aOXxSJ4KokIiqeiF48V7Ae0sWy2k3bJZhN2N0IJ/RFePCji1d/jzX/jts1BWx8MPN6bYWZekAqujet+Oyura+sbm6Wt8vbO7t5+5eCwpZNMMWyyRCSqE1CNgktsGm4EdlKFNA4EtoPoduq3n1BpnsgHM07Rj+lQ8pAzaqzU7jzS7nXk9ytVt+bOQJaJV5AqFGj0K1+9QcKyGKVhgmrd9dzU+DlVhjOBk3Iv05hSFtEhdi2VNEbt57NzJ+TUKgMSJsqWNGSm/p7Iaaz1OA5sZ0zNSC96U/E/r5uZ8MrPuUwzg5LNF4WZICYh09/JgCtkRowtoUxxeythI6ooMzahsg3BW3x5mbTOa55b8+4vqvWbIo4SHMMJnIEHl1CHO2hAExhE8Ayv8Oakzovz7nzMW1ecYuYI/sD5/AHNNY80</latexit> X <latexit sha1_base64="hf6hOeTjseL13iz+i/MO/ptaY5E=">AAAB6HicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEqMeiF48t2A9oQ9lsJ+3azSbsboQS+gu8eFDEqz/Jm//GbZuDtj4YeLw3w8y8IBFcG9f9dgobm1vbO8Xd0t7+weFR+fikreNUMWyxWMSqG1CNgktsGW4EdhOFNAoEdoLJ3dzvPKHSPJYPZpqgH9GR5CFn1Fip2R2UK27VXYCsEy8nFcjRGJS/+sOYpRFKwwTVuue5ifEzqgxnAmelfqoxoWxCR9izVNIItZ8tDp2RC6sMSRgrW9KQhfp7IqOR1tMosJ0RNWO96s3F/7xeasIbP+MySQ1KtlwUpoKYmMy/JkOukBkxtYQyxe2thI2poszYbEo2BG/15XXSvqp6btVrXlfqt3kcRTiDc7gED2pQh3toQAsYIDzDK7w5j86L8+58LFsLTj5zCn/gfP4AtbmM3A==</latexit> <latexit sha1_base64="hf6hOeTjseL13iz+i/MO/ptaY5E=">AAAB6HicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEqMeiF48t2A9oQ9lsJ+3azSbsboQS+gu8eFDEqz/Jm//GbZuDtj4YeLw3w8y8IBFcG9f9dgobm1vbO8Xd0t7+weFR+fikreNUMWyxWMSqG1CNgktsGW4EdhOFNAoEdoLJ3dzvPKHSPJYPZpqgH9GR5CFn1Fip2R2UK27VXYCsEy8nFcjRGJS/+sOYpRFKwwTVuue5ifEzqgxnAmelfqoxoWxCR9izVNIItZ8tDp2RC6sMSRgrW9KQhfp7IqOR1tMosJ0RNWO96s3F/7xeasIbP+MySQ1KtlwUpoKYmMy/JkOukBkxtYQyxe2thI2poszYbEo2BG/15XXSvqp6btVrXlfqt3kcRTiDc7gED2pQh3toQAsYIDzDK7w5j86L8+58LFsLTj5zCn/gfP4AtbmM3A==</latexit> <latexit sha1_base64="hf6hOeTjseL13iz+i/MO/ptaY5E=">AAAB6HicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEqMeiF48t2A9oQ9lsJ+3azSbsboQS+gu8eFDEqz/Jm//GbZuDtj4YeLw3w8y8IBFcG9f9dgobm1vbO8Xd0t7+weFR+fikreNUMWyxWMSqG1CNgktsGW4EdhOFNAoEdoLJ3dzvPKHSPJYPZpqgH9GR5CFn1Fip2R2UK27VXYCsEy8nFcjRGJS/+sOYpRFKwwTVuue5ifEzqgxnAmelfqoxoWxCR9izVNIItZ8tDp2RC6sMSRgrW9KQhfp7IqOR1tMosJ0RNWO96s3F/7xeasIbP+MySQ1KtlwUpoKYmMy/JkOukBkxtYQyxe2thI2poszYbEo2BG/15XXSvqp6btVrXlfqt3kcRTiDc7gED2pQh3toQAsYIDzDK7w5j86L8+58LFsLTj5zCn/gfP4AtbmM3A==</latexit> <latexit sha1_base64="hf6hOeTjseL13iz+i/MO/ptaY5E=">AAAB6HicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEqMeiF48t2A9oQ9lsJ+3azSbsboQS+gu8eFDEqz/Jm//GbZuDtj4YeLw3w8y8IBFcG9f9dgobm1vbO8Xd0t7+weFR+fikreNUMWyxWMSqG1CNgktsGW4EdhOFNAoEdoLJ3dzvPKHSPJYPZpqgH9GR5CFn1Fip2R2UK27VXYCsEy8nFcjRGJS/+sOYpRFKwwTVuue5ifEzqgxnAmelfqoxoWxCR9izVNIItZ8tDp2RC6sMSRgrW9KQhfp7IqOR1tMosJ0RNWO96s3F/7xeasIbP+MySQ1KtlwUpoKYmMy/JkOukBkxtYQyxe2thI2poszYbEo2BG/15XXSvqp6btVrXlfqt3kcRTiDc7gED2pQh3toQAsYIDzDK7w5j86L8+58LFsLTj5zCn/gfP4AtbmM3A==</latexit> Xa <latexit sha1_base64="brABWL5OsX8Jz8MP4mZ2jZoh4/U=">AAAB6nicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEqMeiF48V7Qe0sUy2m3bpZhN2N0IJ/QlePCji1V/kzX/jts1BWx8MPN6bYWZekAiujet+O4W19Y3NreJ2aWd3b/+gfHjU0nGqKGvSWMSqE6BmgkvWNNwI1kkUwygQrB2Mb2Z++4kpzWP5YCYJ8yMcSh5yisZK951H7JcrbtWdg6wSLycVyNHol796g5imEZOGCtS667mJ8TNUhlPBpqVeqlmCdIxD1rVUYsS0n81PnZIzqwxIGCtb0pC5+nsiw0jrSRTYzgjNSC97M/E/r5ua8MrPuExSwyRdLApTQUxMZn+TAVeMGjGxBKni9lZCR6iQGptOyYbgLb+8SloXVc+teneXlfp1HkcRTuAUzsGDGtThFhrQBApDeIZXeHOE8+K8Ox+L1oKTzxzDHzifPyIrja8=</latexit> <latexit sha1_base64="brABWL5OsX8Jz8MP4mZ2jZoh4/U=">AAAB6nicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEqMeiF48V7Qe0sUy2m3bpZhN2N0IJ/QlePCji1V/kzX/jts1BWx8MPN6bYWZekAiujet+O4W19Y3NreJ2aWd3b/+gfHjU0nGqKGvSWMSqE6BmgkvWNNwI1kkUwygQrB2Mb2Z++4kpzWP5YCYJ8yMcSh5yisZK951H7JcrbtWdg6wSLycVyNHol796g5imEZOGCtS667mJ8TNUhlPBpqVeqlmCdIxD1rVUYsS0n81PnZIzqwxIGCtb0pC5+nsiw0jrSRTYzgjNSC97M/E/r5ua8MrPuExSwyRdLApTQUxMZn+TAVeMGjGxBKni9lZCR6iQGptOyYbgLb+8SloXVc+teneXlfp1HkcRTuAUzsGDGtThFhrQBApDeIZXeHOE8+K8Ox+L1oKTzxzDHzifPyIrja8=</latexit> <latexit sha1_base64="brABWL5OsX8Jz8MP4mZ2jZoh4/U=">AAAB6nicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEqMeiF48V7Qe0sUy2m3bpZhN2N0IJ/QlePCji1V/kzX/jts1BWx8MPN6bYWZekAiujet+O4W19Y3NreJ2aWd3b/+gfHjU0nGqKGvSWMSqE6BmgkvWNNwI1kkUwygQrB2Mb2Z++4kpzWP5YCYJ8yMcSh5yisZK951H7JcrbtWdg6wSLycVyNHol796g5imEZOGCtS667mJ8TNUhlPBpqVeqlmCdIxD1rVUYsS0n81PnZIzqwxIGCtb0pC5+nsiw0jrSRTYzgjNSC97M/E/r5ua8MrPuExSwyRdLApTQUxMZn+TAVeMGjGxBKni9lZCR6iQGptOyYbgLb+8SloXVc+teneXlfp1HkcRTuAUzsGDGtThFhrQBApDeIZXeHOE8+K8Ox+L1oKTzxzDHzifPyIrja8=</latexit> <latexit sha1_base64="brABWL5OsX8Jz8MP4mZ2jZoh4/U=">AAAB6nicbVBNS8NAEJ3Ur1q/qh69LBbBU0lEqMeiF48V7Qe0sUy2m3bpZhN2N0IJ/QlePCji1V/kzX/jts1BWx8MPN6bYWZekAiujet+O4W19Y3NreJ2aWd3b/+gfHjU0nGqKGvSWMSqE6BmgkvWNNwI1kkUwygQrB2Mb2Z++4kpzWP5YCYJ8yMcSh5yisZK951H7JcrbtWdg6wSLycVyNHol796g5imEZOGCtS667mJ8TNUhlPBpqVeqlmCdIxD1rVUYsS0n81PnZIzqwxIGCtb0pC5+nsiw0jrSRTYzgjNSC97M/E/r5ua8MrPuExSwyRdLApTQUxMZn+TAVeMGjGxBKni9lZCR6iQGptOyYbgLb+8SloXVc+teneXlfp1HkcRTuAUzsGDGtThFhrQBApDeIZXeHOE8+K8Ox+L1oKTzxzDHzifPyIrja8=</latexit> f(X[: k]) <latexit sha1_base64="aYaW0vwC9I9yabAobGwk3uP9bcA=">AAAB73icbVBNS8NAEJ34WetX1aOXxSLUS0lEUDwVvXisYNtAGspmu2mXbnbj7kYooX/CiwdFvPp3vPlv3LY5aOuDgcd7M8zMi1LOtHHdb2dldW19Y7O0Vd7e2d3brxwctrXMFKEtIrlUfoQ15UzQlmGGUz9VFCcRp51odDv1O09UaSbFgxmnNEzwQLCYEWys5Mc1P7gehWe9StWtuzOgZeIVpAoFmr3KV7cvSZZQYQjHWgeem5owx8owwumk3M00TTEZ4QENLBU4oTrMZ/dO0KlV+iiWypYwaKb+nshxovU4iWxngs1QL3pT8T8vyEx8FeZMpJmhgswXxRlHRqLp86jPFCWGjy3BRDF7KyJDrDAxNqKyDcFbfHmZtM/rnlv37i+qjZsijhIcwwnUwINLaMAdNKEFBDg8wyu8OY/Oi/PufMxbV5xi5gj+wPn8AedqjzY=</latexit> <latexit sha1_base64="aYaW0vwC9I9yabAobGwk3uP9bcA=">AAAB73icbVBNS8NAEJ34WetX1aOXxSLUS0lEUDwVvXisYNtAGspmu2mXbnbj7kYooX/CiwdFvPp3vPlv3LY5aOuDgcd7M8zMi1LOtHHdb2dldW19Y7O0Vd7e2d3brxwctrXMFKEtIrlUfoQ15UzQlmGGUz9VFCcRp51odDv1O09UaSbFgxmnNEzwQLCYEWys5Mc1P7gehWe9StWtuzOgZeIVpAoFmr3KV7cvSZZQYQjHWgeem5owx8owwumk3M00TTEZ4QENLBU4oTrMZ/dO0KlV+iiWypYwaKb+nshxovU4iWxngs1QL3pT8T8vyEx8FeZMpJmhgswXxRlHRqLp86jPFCWGjy3BRDF7KyJDrDAxNqKyDcFbfHmZtM/rnlv37i+qjZsijhIcwwnUwINLaMAdNKEFBDg8wyu8OY/Oi/PufMxbV5xi5gj+wPn8AedqjzY=</latexit> <latexit sha1_base64="aYaW0vwC9I9yabAobGwk3uP9bcA=">AAAB73icbVBNS8NAEJ34WetX1aOXxSLUS0lEUDwVvXisYNtAGspmu2mXbnbj7kYooX/CiwdFvPp3vPlv3LY5aOuDgcd7M8zMi1LOtHHdb2dldW19Y7O0Vd7e2d3brxwctrXMFKEtIrlUfoQ15UzQlmGGUz9VFCcRp51odDv1O09UaSbFgxmnNEzwQLCYEWys5Mc1P7gehWe9StWtuzOgZeIVpAoFmr3KV7cvSZZQYQjHWgeem5owx8owwumk3M00TTEZ4QENLBU4oTrMZ/dO0KlV+iiWypYwaKb+nshxovU4iWxngs1QL3pT8T8vyEx8FeZMpJmhgswXxRlHRqLp86jPFCWGjy3BRDF7KyJDrDAxNqKyDcFbfHmZtM/rnlv37i+qjZsijhIcwwnUwINLaMAdNKEFBDg8wyu8OY/Oi/PufMxbV5xi5gj+wPn8AedqjzY=</latexit> <latexit sha1_base64="aYaW0vwC9I9yabAobGwk3uP9bcA=">AAAB73icbVBNS8NAEJ34WetX1aOXxSLUS0lEUDwVvXisYNtAGspmu2mXbnbj7kYooX/CiwdFvPp3vPlv3LY5aOuDgcd7M8zMi1LOtHHdb2dldW19Y7O0Vd7e2d3brxwctrXMFKEtIrlUfoQ15UzQlmGGUz9VFCcRp51odDv1O09UaSbFgxmnNEzwQLCYEWys5Mc1P7gehWe9StWtuzOgZeIVpAoFmr3KV7cvSZZQYQjHWgeem5owx8owwumk3M00TTEZ4QENLBU4oTrMZ/dO0KlV+iiWypYwaKb+nshxovU4iWxngs1QL3pT8T8vyEx8FeZMpJmhgswXxRlHRqLp86jPFCWGjy3BRDF7KyJDrDAxNqKyDcFbfHmZtM/rnlv37i+qjZsijhIcwwnUwINLaMAdNKEFBDg8wyu8OY/Oi/PufMxbV5xi5gj+wPn8AedqjzY=</latexit> f(X) <latexit sha1_base64="i/Cd6J7vNtlfATvn6SRImsEjtLU=">AAAB63icbVBNSwMxEJ34WetX1aOXYBHqpeyKoMeiF48V7Ae0S8mm2TY0yS5JVihL/4IXD4p49Q9589+YbfegrQ8GHu/NMDMvTAQ31vO+0dr6xubWdmmnvLu3f3BYOTpumzjVlLVoLGLdDYlhgivWstwK1k00IzIUrBNO7nK/88S04bF6tNOEBZKMFI84JTaXolr3YlCpenVvDrxK/IJUoUBzUPnqD2OaSqYsFcSYnu8lNsiItpwKNiv3U8MSQidkxHqOKiKZCbL5rTN87pQhjmLtSlk8V39PZEQaM5Wh65TEjs2yl4v/eb3URjdBxlWSWqboYlGUCmxjnD+Oh1wzasXUEUI1d7diOiaaUOviKbsQ/OWXV0n7su57df/hqtq4LeIowSmcQQ18uIYG3EMTWkBhDM/wCm9Iohf0jj4WrWuomDmBP0CfPzu/jbE=</latexit> <latexit sha1_base64="i/Cd6J7vNtlfATvn6SRImsEjtLU=">AAAB63icbVBNSwMxEJ34WetX1aOXYBHqpeyKoMeiF48V7Ae0S8mm2TY0yS5JVihL/4IXD4p49Q9589+YbfegrQ8GHu/NMDMvTAQ31vO+0dr6xubWdmmnvLu3f3BYOTpumzjVlLVoLGLdDYlhgivWstwK1k00IzIUrBNO7nK/88S04bF6tNOEBZKMFI84JTaXolr3YlCpenVvDrxK/IJUoUBzUPnqD2OaSqYsFcSYnu8lNsiItpwKNiv3U8MSQidkxHqOKiKZCbL5rTN87pQhjmLtSlk8V39PZEQaM5Wh65TEjs2yl4v/eb3URjdBxlWSWqboYlGUCmxjnD+Oh1wzasXUEUI1d7diOiaaUOviKbsQ/OWXV0n7su57df/hqtq4LeIowSmcQQ18uIYG3EMTWkBhDM/wCm9Iohf0jj4WrWuomDmBP0CfPzu/jbE=</latexit> <latexit sha1_base64="i/Cd6J7vNtlfATvn6SRImsEjtLU=">AAAB63icbVBNSwMxEJ34WetX1aOXYBHqpeyKoMeiF48V7Ae0S8mm2TY0yS5JVihL/4IXD4p49Q9589+YbfegrQ8GHu/NMDMvTAQ31vO+0dr6xubWdmmnvLu3f3BYOTpumzjVlLVoLGLdDYlhgivWstwK1k00IzIUrBNO7nK/88S04bF6tNOEBZKMFI84JTaXolr3YlCpenVvDrxK/IJUoUBzUPnqD2OaSqYsFcSYnu8lNsiItpwKNiv3U8MSQidkxHqOKiKZCbL5rTN87pQhjmLtSlk8V39PZEQaM5Wh65TEjs2yl4v/eb3URjdBxlWSWqboYlGUCmxjnD+Oh1wzasXUEUI1d7diOiaaUOviKbsQ/OWXV0n7su57df/hqtq4LeIowSmcQQ18uIYG3EMTWkBhDM/wCm9Iohf0jj4WrWuomDmBP0CfPzu/jbE=</latexit> <latexit sha1_base64="i/Cd6J7vNtlfATvn6SRImsEjtLU=">AAAB63icbVBNSwMxEJ34WetX1aOXYBHqpeyKoMeiF48V7Ae0S8mm2TY0yS5JVihL/4IXD4p49Q9589+YbfegrQ8GHu/NMDMvTAQ31vO+0dr6xubWdmmnvLu3f3BYOTpumzjVlLVoLGLdDYlhgivWstwK1k00IzIUrBNO7nK/88S04bF6tNOEBZKMFI84JTaXolr3YlCpenVvDrxK/IJUoUBzUPnqD2OaSqYsFcSYnu8lNsiItpwKNiv3U8MSQidkxHqOKiKZCbL5rTN87pQhjmLtSlk8V39PZEQaM5Wh65TEjs2yl4v/eb3URjdBxlWSWqboYlGUCmxjnD+Oh1wzasXUEUI1d7diOiaaUOviKbsQ/OWXV0n7su57df/hqtq4LeIowSmcQQ18uIYG3EMTWkBhDM/wCm9Iohf0jj4WrWuomDmBP0CfPzu/jbE=</latexit> f(Xa[: k]) <latexit sha1_base64="lh60RHtust9WRrWer+18lWXdqyM=">AAAB8XicbVBNSwMxEJ3Ur1q/qh69BItQL2VXBMVT0YvHCvYDt2vJptk2NJtdkqxQlv4LLx4U8eq/8ea/MW33oK0PBh7vzTAzL0gE18ZxvlFhZXVtfaO4Wdra3tndK+8ftHScKsqaNBax6gREM8ElaxpuBOskipEoEKwdjG6mfvuJKc1jeW/GCfMjMpA85JQYKz2E1c4j8a5G/mmvXHFqzgx4mbg5qUCORq/81e3HNI2YNFQQrT3XSYyfEWU4FWxS6qaaJYSOyIB5lkoSMe1ns4sn+MQqfRzGypY0eKb+nshIpPU4CmxnRMxQL3pT8T/PS0146WdcJqlhks4XhanAJsbT93GfK0aNGFtCqOL2VkyHRBFqbEglG4K7+PIyaZ3VXKfm3p1X6td5HEU4gmOoggsXUIdbaEATKEh4hld4Qxq9oHf0MW8toHzmEP4Aff4AWM+QCQ==</latexit> <latexit sha1_base64="lh60RHtust9WRrWer+18lWXdqyM=">AAAB8XicbVBNSwMxEJ3Ur1q/qh69BItQL2VXBMVT0YvHCvYDt2vJptk2NJtdkqxQlv4LLx4U8eq/8ea/MW33oK0PBh7vzTAzL0gE18ZxvlFhZXVtfaO4Wdra3tndK+8ftHScKsqaNBax6gREM8ElaxpuBOskipEoEKwdjG6mfvuJKc1jeW/GCfMjMpA85JQYKz2E1c4j8a5G/mmvXHFqzgx4mbg5qUCORq/81e3HNI2YNFQQrT3XSYyfEWU4FWxS6qaaJYSOyIB5lkoSMe1ns4sn+MQqfRzGypY0eKb+nshIpPU4CmxnRMxQL3pT8T/PS0146WdcJqlhks4XhanAJsbT93GfK0aNGFtCqOL2VkyHRBFqbEglG4K7+PIyaZ3VXKfm3p1X6td5HEU4gmOoggsXUIdbaEATKEh4hld4Qxq9oHf0MW8toHzmEP4Aff4AWM+QCQ==</latexit> <latexit sha1_base64="lh60RHtust9WRrWer+18lWXdqyM=">AAAB8XicbVBNSwMxEJ3Ur1q/qh69BItQL2VXBMVT0YvHCvYDt2vJptk2NJtdkqxQlv4LLx4U8eq/8ea/MW33oK0PBh7vzTAzL0gE18ZxvlFhZXVtfaO4Wdra3tndK+8ftHScKsqaNBax6gREM8ElaxpuBOskipEoEKwdjG6mfvuJKc1jeW/GCfMjMpA85JQYKz2E1c4j8a5G/mmvXHFqzgx4mbg5qUCORq/81e3HNI2YNFQQrT3XSYyfEWU4FWxS6qaaJYSOyIB5lkoSMe1ns4sn+MQqfRzGypY0eKb+nshIpPU4CmxnRMxQL3pT8T/PS0146WdcJqlhks4XhanAJsbT93GfK0aNGFtCqOL2VkyHRBFqbEglG4K7+PIyaZ3VXKfm3p1X6td5HEU4gmOoggsXUIdbaEATKEh4hld4Qxq9oHf0MW8toHzmEP4Aff4AWM+QCQ==</latexit> <latexit sha1_base64="lh60RHtust9WRrWer+18lWXdqyM=">AAAB8XicbVBNSwMxEJ3Ur1q/qh69BItQL2VXBMVT0YvHCvYDt2vJptk2NJtdkqxQlv4LLx4U8eq/8ea/MW33oK0PBh7vzTAzL0gE18ZxvlFhZXVtfaO4Wdra3tndK+8ftHScKsqaNBax6gREM8ElaxpuBOskipEoEKwdjG6mfvuJKc1jeW/GCfMjMpA85JQYKz2E1c4j8a5G/mmvXHFqzgx4mbg5qUCORq/81e3HNI2YNFQQrT3XSYyfEWU4FWxS6qaaJYSOyIB5lkoSMe1ns4sn+MQqfRzGypY0eKb+nshIpPU4CmxnRMxQL3pT8T/PS0146WdcJqlhks4XhanAJsbT93GfK0aNGFtCqOL2VkyHRBFqbEglG4K7+PIyaZ3VXKfm3p1X6td5HEU4gmOoggsXUIdbaEATKEh4hld4Qxq9oHf0MW8toHzmEP4Aff4AWM+QCQ==</latexit> f(Xa) <latexit sha1_base64="1qZ/muTHRRbu1T8TtN7j9rX5iTM=">AAAB7XicbVDLSgNBEOz1GeMr6tHLYBDiJeyKoMegF48RzAOSNcxOZpMx81hmZoWw5B+8eFDEq//jzb9xkuxBEwsaiqpuuruihDNjff/bW1ldW9/YLGwVt3d29/ZLB4dNo1JNaIMornQ7woZyJmnDMstpO9EUi4jTVjS6mfqtJ6oNU/LejhMaCjyQLGYEWyc140r7AZ/1SmW/6s+AlkmQkzLkqPdKX92+Iqmg0hKOjekEfmLDDGvLCKeTYjc1NMFkhAe046jEgpowm107QadO6aNYaVfSopn6eyLDwpixiFynwHZoFr2p+J/XSW18FWZMJqmlkswXxSlHVqHp66jPNCWWjx3BRDN3KyJDrDGxLqCiCyFYfHmZNM+rgV8N7i7Ktes8jgIcwwlUIIBLqMEt1KEBBB7hGV7hzVPei/fufcxbV7x85gj+wPv8AaoJjoQ=</latexit> <latexit sha1_base64="1qZ/muTHRRbu1T8TtN7j9rX5iTM=">AAAB7XicbVDLSgNBEOz1GeMr6tHLYBDiJeyKoMegF48RzAOSNcxOZpMx81hmZoWw5B+8eFDEq//jzb9xkuxBEwsaiqpuuruihDNjff/bW1ldW9/YLGwVt3d29/ZLB4dNo1JNaIMornQ7woZyJmnDMstpO9EUi4jTVjS6mfqtJ6oNU/LejhMaCjyQLGYEWyc140r7AZ/1SmW/6s+AlkmQkzLkqPdKX92+Iqmg0hKOjekEfmLDDGvLCKeTYjc1NMFkhAe046jEgpowm107QadO6aNYaVfSopn6eyLDwpixiFynwHZoFr2p+J/XSW18FWZMJqmlkswXxSlHVqHp66jPNCWWjx3BRDN3KyJDrDGxLqCiCyFYfHmZNM+rgV8N7i7Ktes8jgIcwwlUIIBLqMEt1KEBBB7hGV7hzVPei/fufcxbV7x85gj+wPv8AaoJjoQ=</latexit> <latexit sha1_base64="1qZ/muTHRRbu1T8TtN7j9rX5iTM=">AAAB7XicbVDLSgNBEOz1GeMr6tHLYBDiJeyKoMegF48RzAOSNcxOZpMx81hmZoWw5B+8eFDEq//jzb9xkuxBEwsaiqpuuruihDNjff/bW1ldW9/YLGwVt3d29/ZLB4dNo1JNaIMornQ7woZyJmnDMstpO9EUi4jTVjS6mfqtJ6oNU/LejhMaCjyQLGYEWyc140r7AZ/1SmW/6s+AlkmQkzLkqPdKX92+Iqmg0hKOjekEfmLDDGvLCKeTYjc1NMFkhAe046jEgpowm107QadO6aNYaVfSopn6eyLDwpixiFynwHZoFr2p+J/XSW18FWZMJqmlkswXxSlHVqHp66jPNCWWjx3BRDN3KyJDrDGxLqCiCyFYfHmZNM+rgV8N7i7Ktes8jgIcwwlUIIBLqMEt1KEBBB7hGV7hzVPei/fufcxbV7x85gj+wPv8AaoJjoQ=</latexit> <latexit sha1_base64="1qZ/muTHRRbu1T8TtN7j9rX5iTM=">AAAB7XicbVDLSgNBEOz1GeMr6tHLYBDiJeyKoMegF48RzAOSNcxOZpMx81hmZoWw5B+8eFDEq//jzb9xkuxBEwsaiqpuuruihDNjff/bW1ldW9/YLGwVt3d29/ZLB4dNo1JNaIMornQ7woZyJmnDMstpO9EUi4jTVjS6mfqtJ6oNU/LejhMaCjyQLGYEWyc140r7AZ/1SmW/6s+AlkmQkzLkqPdKX92+Iqmg0hKOjekEfmLDDGvLCKeTYjc1NMFkhAe046jEgpowm107QadO6aNYaVfSopn6eyLDwpixiFynwHZoFr2p+J/XSW18FWZMJqmlkswXxSlHVqHp66jPNCWWjx3BRDN3KyJDrDGxLqCiCyFYfHmZNM+rgV8N7i7Ktes8jgIcwwlUIIBLqMEt1KEBBB7hGV7hzVPei/fufcxbV7x85gj+wPv8AaoJjoQ=</latexit> ASR: f(⇤) <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> ASR: f(⇤) <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> ASR: f(⇤) <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> ASR: f(⇤) <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> Benign audio: <latexit sha1_base64="b2meWSXIVh9gqRmprHsg0bzyotM=">AAAB/XicbVDJSgNBEO1xjXEbl5uXxiB4CjMiKJ5CvHiMYBZIhtDTqSRNenqG7hoxDsFf8eJBEa/+hzf/xs5y0MQHBY/3qqiqFyZSGPS8b2dpeWV1bT23kd/c2t7Zdff2ayZONYcqj2WsGyEzIIWCKgqU0Eg0sCiUUA8H12O/fg/aiFjd4TCBIGI9JbqCM7RS2z1sITxgVgYleoqytCPiq1HbLXhFbwK6SPwZKZAZKm33q9WJeRqBQi6ZMU3fSzDImEbBJYzyrdRAwviA9aBpqWIRmCCbXD+iJ1bp0G6sbSmkE/X3RMYiY4ZRaDsjhn0z743F/7xmit3LIBMqSREUny7qppJiTMdR0I7QwFEOLWFcC3sr5X2mGUcbWN6G4M+/vEhqZ0XfK/q354VSeRZHjhyRY3JKfHJBSuSGVEiVcPJInskreXOenBfn3fmYti45s5kD8gfO5w+XLpVL</latexit> <latexit sha1_base64="b2meWSXIVh9gqRmprHsg0bzyotM=">AAAB/XicbVDJSgNBEO1xjXEbl5uXxiB4CjMiKJ5CvHiMYBZIhtDTqSRNenqG7hoxDsFf8eJBEa/+hzf/xs5y0MQHBY/3qqiqFyZSGPS8b2dpeWV1bT23kd/c2t7Zdff2ayZONYcqj2WsGyEzIIWCKgqU0Eg0sCiUUA8H12O/fg/aiFjd4TCBIGI9JbqCM7RS2z1sITxgVgYleoqytCPiq1HbLXhFbwK6SPwZKZAZKm33q9WJeRqBQi6ZMU3fSzDImEbBJYzyrdRAwviA9aBpqWIRmCCbXD+iJ1bp0G6sbSmkE/X3RMYiY4ZRaDsjhn0z743F/7xmit3LIBMqSREUny7qppJiTMdR0I7QwFEOLWFcC3sr5X2mGUcbWN6G4M+/vEhqZ0XfK/q354VSeRZHjhyRY3JKfHJBSuSGVEiVcPJInskreXOenBfn3fmYti45s5kD8gfO5w+XLpVL</latexit> <latexit sha1_base64="b2meWSXIVh9gqRmprHsg0bzyotM=">AAAB/XicbVDJSgNBEO1xjXEbl5uXxiB4CjMiKJ5CvHiMYBZIhtDTqSRNenqG7hoxDsFf8eJBEa/+hzf/xs5y0MQHBY/3qqiqFyZSGPS8b2dpeWV1bT23kd/c2t7Zdff2ayZONYcqj2WsGyEzIIWCKgqU0Eg0sCiUUA8H12O/fg/aiFjd4TCBIGI9JbqCM7RS2z1sITxgVgYleoqytCPiq1HbLXhFbwK6SPwZKZAZKm33q9WJeRqBQi6ZMU3fSzDImEbBJYzyrdRAwviA9aBpqWIRmCCbXD+iJ1bp0G6sbSmkE/X3RMYiY4ZRaDsjhn0z743F/7xmit3LIBMqSREUny7qppJiTMdR0I7QwFEOLWFcC3sr5X2mGUcbWN6G4M+/vEhqZ0XfK/q354VSeRZHjhyRY3JKfHJBSuSGVEiVcPJInskreXOenBfn3fmYti45s5kD8gfO5w+XLpVL</latexit> <latexit sha1_base64="b2meWSXIVh9gqRmprHsg0bzyotM=">AAAB/XicbVDJSgNBEO1xjXEbl5uXxiB4CjMiKJ5CvHiMYBZIhtDTqSRNenqG7hoxDsFf8eJBEa/+hzf/xs5y0MQHBY/3qqiqFyZSGPS8b2dpeWV1bT23kd/c2t7Zdff2ayZONYcqj2WsGyEzIIWCKgqU0Eg0sCiUUA8H12O/fg/aiFjd4TCBIGI9JbqCM7RS2z1sITxgVgYleoqytCPiq1HbLXhFbwK6SPwZKZAZKm33q9WJeRqBQi6ZMU3fSzDImEbBJYzyrdRAwviA9aBpqWIRmCCbXD+iJ1bp0G6sbSmkE/X3RMYiY4ZRaDsjhn0z743F/7xmit3LIBMqSREUny7qppJiTMdR0I7QwFEOLWFcC3sr5X2mGUcbWN6G4M+/vEhqZ0XfK/q354VSeRZHjhyRY3JKfHJBSuSGVEiVcPJInskreXOenBfn3fmYti45s5kD8gfO5w+XLpVL</latexit> Adversarial audio: <latexit sha1_base64="n+tm8nG5DNKcWFzCqyTi7PMgGOY=">AAACAnicbVC7SgNBFJ31GeMraiU2g0GwCrsiKFZRG8sI5gHJEu7OziZDZh/M3BXDEmz8FRsLRWz9Cjv/xkmyhSYeGDiccy537vESKTTa9re1sLi0vLJaWCuub2xubZd2dhs6ThXjdRbLWLU80FyKiNdRoOStRHEIPcmb3uB67DfvudIiju5wmHA3hF4kAsEAjdQt7XeQP2B26Y9DoARICqkv4otRt1S2K/YEdJ44OSmTHLVu6avjxywNeYRMgtZtx07QzUChYJKPip1U8wTYAHq8bWgEIdduNjlhRI+M4tMgVuZFSCfq74kMQq2HoWeSIWBfz3pj8T+vnWJw7mYiSlLkEZsuClJJMabjPqgvFGcoh4YAU8L8lbI+KGBoCimaEpzZk+dJ46Ti2BXn9rRcvcrrKJADckiOiUPOSJXckBqpE0YeyTN5JW/Wk/VivVsf0+iClc/skT+wPn8AsDOXmA==</latexit> <latexit sha1_base64="n+tm8nG5DNKcWFzCqyTi7PMgGOY=">AAACAnicbVC7SgNBFJ31GeMraiU2g0GwCrsiKFZRG8sI5gHJEu7OziZDZh/M3BXDEmz8FRsLRWz9Cjv/xkmyhSYeGDiccy537vESKTTa9re1sLi0vLJaWCuub2xubZd2dhs6ThXjdRbLWLU80FyKiNdRoOStRHEIPcmb3uB67DfvudIiju5wmHA3hF4kAsEAjdQt7XeQP2B26Y9DoARICqkv4otRt1S2K/YEdJ44OSmTHLVu6avjxywNeYRMgtZtx07QzUChYJKPip1U8wTYAHq8bWgEIdduNjlhRI+M4tMgVuZFSCfq74kMQq2HoWeSIWBfz3pj8T+vnWJw7mYiSlLkEZsuClJJMabjPqgvFGcoh4YAU8L8lbI+KGBoCimaEpzZk+dJ46Ti2BXn9rRcvcrrKJADckiOiUPOSJXckBqpE0YeyTN5JW/Wk/VivVsf0+iClc/skT+wPn8AsDOXmA==</latexit> <latexit sha1_base64="n+tm8nG5DNKcWFzCqyTi7PMgGOY=">AAACAnicbVC7SgNBFJ31GeMraiU2g0GwCrsiKFZRG8sI5gHJEu7OziZDZh/M3BXDEmz8FRsLRWz9Cjv/xkmyhSYeGDiccy537vESKTTa9re1sLi0vLJaWCuub2xubZd2dhs6ThXjdRbLWLU80FyKiNdRoOStRHEIPcmb3uB67DfvudIiju5wmHA3hF4kAsEAjdQt7XeQP2B26Y9DoARICqkv4otRt1S2K/YEdJ44OSmTHLVu6avjxywNeYRMgtZtx07QzUChYJKPip1U8wTYAHq8bWgEIdduNjlhRI+M4tMgVuZFSCfq74kMQq2HoWeSIWBfz3pj8T+vnWJw7mYiSlLkEZsuClJJMabjPqgvFGcoh4YAU8L8lbI+KGBoCimaEpzZk+dJ46Ti2BXn9rRcvcrrKJADckiOiUPOSJXckBqpE0YeyTN5JW/Wk/VivVsf0+iClc/skT+wPn8AsDOXmA==</latexit> <latexit sha1_base64="n+tm8nG5DNKcWFzCqyTi7PMgGOY=">AAACAnicbVC7SgNBFJ31GeMraiU2g0GwCrsiKFZRG8sI5gHJEu7OziZDZh/M3BXDEmz8FRsLRWz9Cjv/xkmyhSYeGDiccy537vESKTTa9re1sLi0vLJaWCuub2xubZd2dhs6ThXjdRbLWLU80FyKiNdRoOStRHEIPcmb3uB67DfvudIiju5wmHA3hF4kAsEAjdQt7XeQP2B26Y9DoARICqkv4otRt1S2K/YEdJ44OSmTHLVu6avjxywNeYRMgtZtx07QzUChYJKPip1U8wTYAHq8bWgEIdduNjlhRI+M4tMgVuZFSCfq74kMQq2HoWeSIWBfz3pj8T+vnWJw7mYiSlLkEZsuClJJMabjPqgvFGcoh4YAU8L8lbI+KGBoCimaEpzZk+dJ46Ti2BXn9rRcvcrrKJADckiOiUPOSJXckBqpE0YeyTN5JW/Wk/VivVsf0+iClc/skT+wPn8AsDOXmA==</latexit> Consistency{f(X[: k]), f(X)} > Consistency{f(Xa[: k]), f(Xa)} <latexit sha1_base64="/W9KJ0ViIc8EXaev79lPgTZntgY=">AAACTXicdVHLSgMxFM3UR2t9jbp0EyyWFkqZEUFxIcVuXFawD+hMSybN1NBMZkgyYhn6g24Ed/6FGxeKiOkDtK2eEDicew8398SLGJXKsl6M1Mrq2no6s5Hd3Nre2TX39hsyjAUmdRyyULQ8JAmjnNQVVYy0IkFQ4DHS9AbVcb15T4SkIb9Vw4i4Aepz6lOMlJa6Zi/vKPKgkmrIpZ5GOB6OnMQvtNoXA7dYgpoVnRF0nGzeKc2fS/iPtYN+zB2k7V0zZ5WtCeAysWckB2aodc1npxfiOCBcYYakbNtWpNwECUUxI6OsE0sSITxAfdLWlKOASDeZpDGCx1rpQT8U+nIFJ+pvR4ICKYeBpzsDpO7kYm0s/lVrx8o/dxPKo3i87HSQHzOoQjiOFvaoIFixoSYIC6rfCvEdEggr/QFZHYK9uPIyaZyUbats35zmKlezODLgEByBArDBGaiAa1ADdYDBI3gF7+DDeDLejE/ja9qaMmaeAzCHVPobkwmxIg==</latexit> <latexit sha1_base64="/W9KJ0ViIc8EXaev79lPgTZntgY=">AAACTXicdVHLSgMxFM3UR2t9jbp0EyyWFkqZEUFxIcVuXFawD+hMSybN1NBMZkgyYhn6g24Ed/6FGxeKiOkDtK2eEDicew8398SLGJXKsl6M1Mrq2no6s5Hd3Nre2TX39hsyjAUmdRyyULQ8JAmjnNQVVYy0IkFQ4DHS9AbVcb15T4SkIb9Vw4i4Aepz6lOMlJa6Zi/vKPKgkmrIpZ5GOB6OnMQvtNoXA7dYgpoVnRF0nGzeKc2fS/iPtYN+zB2k7V0zZ5WtCeAysWckB2aodc1npxfiOCBcYYakbNtWpNwECUUxI6OsE0sSITxAfdLWlKOASDeZpDGCx1rpQT8U+nIFJ+pvR4ICKYeBpzsDpO7kYm0s/lVrx8o/dxPKo3i87HSQHzOoQjiOFvaoIFixoSYIC6rfCvEdEggr/QFZHYK9uPIyaZyUbats35zmKlezODLgEByBArDBGaiAa1ADdYDBI3gF7+DDeDLejE/ja9qaMmaeAzCHVPobkwmxIg==</latexit> <latexit sha1_base64="/W9KJ0ViIc8EXaev79lPgTZntgY=">AAACTXicdVHLSgMxFM3UR2t9jbp0EyyWFkqZEUFxIcVuXFawD+hMSybN1NBMZkgyYhn6g24Ed/6FGxeKiOkDtK2eEDicew8398SLGJXKsl6M1Mrq2no6s5Hd3Nre2TX39hsyjAUmdRyyULQ8JAmjnNQVVYy0IkFQ4DHS9AbVcb15T4SkIb9Vw4i4Aepz6lOMlJa6Zi/vKPKgkmrIpZ5GOB6OnMQvtNoXA7dYgpoVnRF0nGzeKc2fS/iPtYN+zB2k7V0zZ5WtCeAysWckB2aodc1npxfiOCBcYYakbNtWpNwECUUxI6OsE0sSITxAfdLWlKOASDeZpDGCx1rpQT8U+nIFJ+pvR4ICKYeBpzsDpO7kYm0s/lVrx8o/dxPKo3i87HSQHzOoQjiOFvaoIFixoSYIC6rfCvEdEggr/QFZHYK9uPIyaZyUbats35zmKlezODLgEByBArDBGaiAa1ADdYDBI3gF7+DDeDLejE/ja9qaMmaeAzCHVPobkwmxIg==</latexit> <latexit sha1_base64="/W9KJ0ViIc8EXaev79lPgTZntgY=">AAACTXicdVHLSgMxFM3UR2t9jbp0EyyWFkqZEUFxIcVuXFawD+hMSybN1NBMZkgyYhn6g24Ed/6FGxeKiOkDtK2eEDicew8398SLGJXKsl6M1Mrq2no6s5Hd3Nre2TX39hsyjAUmdRyyULQ8JAmjnNQVVYy0IkFQ4DHS9AbVcb15T4SkIb9Vw4i4Aepz6lOMlJa6Zi/vKPKgkmrIpZ5GOB6OnMQvtNoXA7dYgpoVnRF0nGzeKc2fS/iPtYN+zB2k7V0zZ5WtCeAysWckB2aodc1npxfiOCBcYYakbNtWpNwECUUxI6OsE0sSITxAfdLWlKOASDeZpDGCx1rpQT8U+nIFJ+pvR4ICKYeBpzsDpO7kYm0s/lVrx8o/dxPKo3i87HSQHzOoQjiOFvaoIFixoSYIC6rfCvEdEggr/QFZHYK9uPIyaZyUbats35zmKlezODLgEByBArDBGaiAa1ADdYDBI3gF7+DDeDLejE/ja9qaMmaeAzCHVPobkwmxIg==</latexit> Word/Char Error Rate(WER/CER) <latexit sha1_base64="bjC+3qn0NYGx2lD6ye4DtKs1ws0=">AAACDXicbVC7SgNBFJ31GeMramkzGAVtkl0RtAyGgGUMxghJCLOTu2ZwdmeZuSuGJT9g46/YWChia2/n3zh5FJp4qsM593LPPX4shUHX/Xbm5hcWl5YzK9nVtfWNzdzW9rVRieZQ50oqfeMzA1JEUEeBEm5iDSz0JTT8u/LQb9yDNkJFV9iPoR2y20gEgjO0Uie330J4wLShdLdY7jFNK1orTWsM4bBRqRXLldrRoJPLuwV3BDpLvAnJkwmqndxXq6t4EkKEXDJjmp4bYztlGgWXMMi2EgMx43fsFpqWRiwE005H3wzogVW6NLApAhUhHam/N1IWGtMPfTsZMuyZaW8o/uc1EwzO2qmI4gQh4uNDQSIpKjqshnaFBo6ybwnjWtislNtKGEdbYNaW4E2/PEuujwueW/AuT/Kl80kdGbJL9sgh8cgpKZELUiV1wskjeSav5M15cl6cd+djPDrnTHZ2yB84nz+YJpqT</latexit> <latexit sha1_base64="bjC+3qn0NYGx2lD6ye4DtKs1ws0=">AAACDXicbVC7SgNBFJ31GeMramkzGAVtkl0RtAyGgGUMxghJCLOTu2ZwdmeZuSuGJT9g46/YWChia2/n3zh5FJp4qsM593LPPX4shUHX/Xbm5hcWl5YzK9nVtfWNzdzW9rVRieZQ50oqfeMzA1JEUEeBEm5iDSz0JTT8u/LQb9yDNkJFV9iPoR2y20gEgjO0Uie330J4wLShdLdY7jFNK1orTWsM4bBRqRXLldrRoJPLuwV3BDpLvAnJkwmqndxXq6t4EkKEXDJjmp4bYztlGgWXMMi2EgMx43fsFpqWRiwE005H3wzogVW6NLApAhUhHam/N1IWGtMPfTsZMuyZaW8o/uc1EwzO2qmI4gQh4uNDQSIpKjqshnaFBo6ybwnjWtislNtKGEdbYNaW4E2/PEuujwueW/AuT/Kl80kdGbJL9sgh8cgpKZELUiV1wskjeSav5M15cl6cd+djPDrnTHZ2yB84nz+YJpqT</latexit> <latexit sha1_base64="bjC+3qn0NYGx2lD6ye4DtKs1ws0=">AAACDXicbVC7SgNBFJ31GeMramkzGAVtkl0RtAyGgGUMxghJCLOTu2ZwdmeZuSuGJT9g46/YWChia2/n3zh5FJp4qsM593LPPX4shUHX/Xbm5hcWl5YzK9nVtfWNzdzW9rVRieZQ50oqfeMzA1JEUEeBEm5iDSz0JTT8u/LQb9yDNkJFV9iPoR2y20gEgjO0Uie330J4wLShdLdY7jFNK1orTWsM4bBRqRXLldrRoJPLuwV3BDpLvAnJkwmqndxXq6t4EkKEXDJjmp4bYztlGgWXMMi2EgMx43fsFpqWRiwE005H3wzogVW6NLApAhUhHam/N1IWGtMPfTsZMuyZaW8o/uc1EwzO2qmI4gQh4uNDQSIpKjqshnaFBo6ybwnjWtislNtKGEdbYNaW4E2/PEuujwueW/AuT/Kl80kdGbJL9sgh8cgpKZELUiV1wskjeSav5M15cl6cd+djPDrnTHZ2yB84nz+YJpqT</latexit> <latexit sha1_base64="bjC+3qn0NYGx2lD6ye4DtKs1ws0=">AAACDXicbVC7SgNBFJ31GeMramkzGAVtkl0RtAyGgGUMxghJCLOTu2ZwdmeZuSuGJT9g46/YWChia2/n3zh5FJp4qsM593LPPX4shUHX/Xbm5hcWl5YzK9nVtfWNzdzW9rVRieZQ50oqfeMzA1JEUEeBEm5iDSz0JTT8u/LQb9yDNkJFV9iPoR2y20gEgjO0Uie330J4wLShdLdY7jFNK1orTWsM4bBRqRXLldrRoJPLuwV3BDpLvAnJkwmqndxXq6t4EkKEXDJjmp4bYztlGgWXMMi2EgMx43fsFpqWRiwE005H3wzogVW6NLApAhUhHam/N1IWGtMPfTsZMuyZaW8o/uc1EwzO2qmI4gQh4uNDQSIpKjqshnaFBo6ybwnjWtislNtKGEdbYNaW4E2/PEuujwueW/AuT/Kl80kdGbJL9sgh8cgpKZELUiV1wskjeSav5M15cl6cd+djPDrnTHZ2yB84nz+YJpqT</latexit> ASR: f(⇤) <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit> <latexit sha1_base64="o/Ll7Xt2W/yePEGF3HF2JfNiO4k=">AAAB/3icbVDJSgNBEO1xjXEbFbx4aQxChBBmRFA8Rb14jEsWyAyhp9OTNOlZ6K4Rw5iDv+LFgyJe/Q1v/o2dZA6a+KDg8V4VVfW8WHAFlvVtzM0vLC4t51byq2vrG5vm1nZdRYmkrEYjEcmmRxQTPGQ14CBYM5aMBJ5gDa9/OfIb90wqHoV3MIiZG5BuyH1OCWipbe46wB4gPb+9ORs6JafkFx2i4LBtFqyyNQaeJXZGCihDtW1+OZ2IJgELgQqiVMu2YnBTIoFTwYZ5J1EsJrRPuqylaUgCptx0fP8QH2ilg/1I6goBj9XfEykJlBoEnu4MCPTUtDcS//NaCfinbsrDOAEW0skiPxEYIjwKA3e4ZBTEQBNCJde3YtojklDQkeV1CPb0y7OkflS2rbJ9fVyoXGRx5NAe2kdFZKMTVEFXqIpqiKJH9Ixe0ZvxZLwY78bHpHXOyGZ20B8Ynz+bipUr</latexit>

  7. 7 Related works: Temporal Dependency Yang, et al., “Characterizing audio

    adversarial examples using temporal dependency,” in International Conference on Learning Representations, 2019. Temporal dependency-based detection: • Empirical test proves adequate to detect a variety of state-of-the-art audio attack s • Contributions : • revisit the LSTM to explore the role of temporal dependency in adversarial audi o • propose a new audio attack that evades the temporal dependency-based detection

  8. Contribution: Part 1 • In an LSTM: • Temporal dependency-based

    detection analysis : • Removing part of the audio impacts the transition of hidden state s • Adversarial perturbation doesn’t consider the hidden states’ transition, thus easily detectable Temporal dependency’s role in adversarial audios ft = ⇣(Wf xt + Uf ht 1) it = ⇣(Wixt + Uiht 1) ot = ⇣(Woxt + Uoht 1) ct = ft ct 1 + it ⇣(Wcxt + Ucht 1) ht = ot ⇣(ct) <latexit sha1_base64="RWdro0l7tc5lUjux89QoPpVuYd0=">AAACxnicbZFLa9tAFIVH6iOJ+3LbZTZDTUtCqZFKoN0EQrPJMoE6DlhGjK6v4iGjGTFz1dYRhv7G7rrof8nYckXl9MLA4dxvzjxuVirpKIp+B+GDh48e7+zu9Z48ffb8Rf/lq0tnKgs4AqOMvcqEQyU1jkiSwqvSoigyhePs5nTVH39D66TRX2lR4rQQ11rmEgR5K+3/yVPi7455coskDsZpzn944z0feTVPa/oQLw95kvRkF5MtJjuY6WKmxUwHgwZbnZ2AtMChaXpUtt7fEGhDoA3xGfMmw2zxPvow0UZXRYY27Q+iYbQufl/EGzFgmzpP+7+SmYGqQE2ghHOTOCppWgtLEhQue0nlsBRwI65x4qUWBbppvR7Dkr/1zoznxvqlia/df3fUonBuUWSeLATN3XZvZf6vN6ko/zytpS4rQg3NQXmlOBm+mimfSYtAauGFACv9XTnMhRVAfvI9/wnx9pPvi8uPwzgaxhdHg5Mvm+/YZfvsDTtgMfvETtgZO2cjBsFpIAMbuPAs1GEVfm/QMNjsec06Ff68A38z0l0=</latexit> <latexit sha1_base64="RWdro0l7tc5lUjux89QoPpVuYd0=">AAACxnicbZFLa9tAFIVH6iOJ+3LbZTZDTUtCqZFKoN0EQrPJMoE6DlhGjK6v4iGjGTFz1dYRhv7G7rrof8nYckXl9MLA4dxvzjxuVirpKIp+B+GDh48e7+zu9Z48ffb8Rf/lq0tnKgs4AqOMvcqEQyU1jkiSwqvSoigyhePs5nTVH39D66TRX2lR4rQQ11rmEgR5K+3/yVPi7455coskDsZpzn944z0feTVPa/oQLw95kvRkF5MtJjuY6WKmxUwHgwZbnZ2AtMChaXpUtt7fEGhDoA3xGfMmw2zxPvow0UZXRYY27Q+iYbQufl/EGzFgmzpP+7+SmYGqQE2ghHOTOCppWgtLEhQue0nlsBRwI65x4qUWBbppvR7Dkr/1zoznxvqlia/df3fUonBuUWSeLATN3XZvZf6vN6ko/zytpS4rQg3NQXmlOBm+mimfSYtAauGFACv9XTnMhRVAfvI9/wnx9pPvi8uPwzgaxhdHg5Mvm+/YZfvsDTtgMfvETtgZO2cjBsFpIAMbuPAs1GEVfm/QMNjsec06Ff68A38z0l0=</latexit> <latexit sha1_base64="RWdro0l7tc5lUjux89QoPpVuYd0=">AAACxnicbZFLa9tAFIVH6iOJ+3LbZTZDTUtCqZFKoN0EQrPJMoE6DlhGjK6v4iGjGTFz1dYRhv7G7rrof8nYckXl9MLA4dxvzjxuVirpKIp+B+GDh48e7+zu9Z48ffb8Rf/lq0tnKgs4AqOMvcqEQyU1jkiSwqvSoigyhePs5nTVH39D66TRX2lR4rQQ11rmEgR5K+3/yVPi7455coskDsZpzn944z0feTVPa/oQLw95kvRkF5MtJjuY6WKmxUwHgwZbnZ2AtMChaXpUtt7fEGhDoA3xGfMmw2zxPvow0UZXRYY27Q+iYbQufl/EGzFgmzpP+7+SmYGqQE2ghHOTOCppWgtLEhQue0nlsBRwI65x4qUWBbppvR7Dkr/1zoznxvqlia/df3fUonBuUWSeLATN3XZvZf6vN6ko/zytpS4rQg3NQXmlOBm+mimfSYtAauGFACv9XTnMhRVAfvI9/wnx9pPvi8uPwzgaxhdHg5Mvm+/YZfvsDTtgMfvETtgZO2cjBsFpIAMbuPAs1GEVfm/QMNjsec06Ff68A38z0l0=</latexit> <latexit sha1_base64="RWdro0l7tc5lUjux89QoPpVuYd0=">AAACxnicbZFLa9tAFIVH6iOJ+3LbZTZDTUtCqZFKoN0EQrPJMoE6DlhGjK6v4iGjGTFz1dYRhv7G7rrof8nYckXl9MLA4dxvzjxuVirpKIp+B+GDh48e7+zu9Z48ffb8Rf/lq0tnKgs4AqOMvcqEQyU1jkiSwqvSoigyhePs5nTVH39D66TRX2lR4rQQ11rmEgR5K+3/yVPi7455coskDsZpzn944z0feTVPa/oQLw95kvRkF5MtJjuY6WKmxUwHgwZbnZ2AtMChaXpUtt7fEGhDoA3xGfMmw2zxPvow0UZXRYY27Q+iYbQufl/EGzFgmzpP+7+SmYGqQE2ghHOTOCppWgtLEhQue0nlsBRwI65x4qUWBbppvR7Dkr/1zoznxvqlia/df3fUonBuUWSeLATN3XZvZf6vN6ko/zytpS4rQg3NQXmlOBm+mimfSYtAauGFACv9XTnMhRVAfvI9/wnx9pPvi8uPwzgaxhdHg5Mvm+/YZfvsDTtgMfvETtgZO2cjBsFpIAMbuPAs1GEVfm/QMNjsec06Ff68A38z0l0=</latexit> 8z 2 {f, i, o, c}, Wz ! xt, Uz ! ht 1 <latexit sha1_base64="bq1waMsJR+m7McixMeUIfbo0M44=">AAACOHicbVDLSgMxFM3Ud31VXboJFsFFLTMi6LLoxp0KthU6ZcikmTY0kwzJHbUd+llu/Ax34saFIm79AtN2Fr5OCBzOuZfknDAR3IDrPjmFmdm5+YXFpeLyyuraemljs2FUqimrUyWUvg6JYYJLVgcOgl0nmpE4FKwZ9k/HfvOGacOVvIJBwtox6UoecUrASkHp3I+UJkLgoc+ln+GowiuqQrE/qvj5aQZDX/NuD4jW6hbfBTCR6z/lXpDBvjcKSmW36k6A/xIvJ2WU4yIoPfodRdOYSaCCGNPy3ATaGdHAqWCjop8alhDaJ13WslSSmJl2Ngk+wrtW6WCbwF4JeKJ+38hIbMwgDu1kTKBnfntj8T+vlUJ03M64TFJgkk4filKBQeFxi7jDNaMgBpYQqrn9K6Y9ogkF23XRluD9jvyXNA6qnlv1Lg/LtZO8jkW0jXbQHvLQEaqhM3SB6oiie/SMXtGb8+C8OO/Ox3S04OQ7W+gHnM8vuderyw==</latexit> <latexit sha1_base64="bq1waMsJR+m7McixMeUIfbo0M44=">AAACOHicbVDLSgMxFM3Ud31VXboJFsFFLTMi6LLoxp0KthU6ZcikmTY0kwzJHbUd+llu/Ax34saFIm79AtN2Fr5OCBzOuZfknDAR3IDrPjmFmdm5+YXFpeLyyuraemljs2FUqimrUyWUvg6JYYJLVgcOgl0nmpE4FKwZ9k/HfvOGacOVvIJBwtox6UoecUrASkHp3I+UJkLgoc+ln+GowiuqQrE/qvj5aQZDX/NuD4jW6hbfBTCR6z/lXpDBvjcKSmW36k6A/xIvJ2WU4yIoPfodRdOYSaCCGNPy3ATaGdHAqWCjop8alhDaJ13WslSSmJl2Ngk+wrtW6WCbwF4JeKJ+38hIbMwgDu1kTKBnfntj8T+vlUJ03M64TFJgkk4filKBQeFxi7jDNaMgBpYQqrn9K6Y9ogkF23XRluD9jvyXNA6qnlv1Lg/LtZO8jkW0jXbQHvLQEaqhM3SB6oiie/SMXtGb8+C8OO/Ox3S04OQ7W+gHnM8vuderyw==</latexit> <latexit sha1_base64="bq1waMsJR+m7McixMeUIfbo0M44=">AAACOHicbVDLSgMxFM3Ud31VXboJFsFFLTMi6LLoxp0KthU6ZcikmTY0kwzJHbUd+llu/Ax34saFIm79AtN2Fr5OCBzOuZfknDAR3IDrPjmFmdm5+YXFpeLyyuraemljs2FUqimrUyWUvg6JYYJLVgcOgl0nmpE4FKwZ9k/HfvOGacOVvIJBwtox6UoecUrASkHp3I+UJkLgoc+ln+GowiuqQrE/qvj5aQZDX/NuD4jW6hbfBTCR6z/lXpDBvjcKSmW36k6A/xIvJ2WU4yIoPfodRdOYSaCCGNPy3ATaGdHAqWCjop8alhDaJ13WslSSmJl2Ngk+wrtW6WCbwF4JeKJ+38hIbMwgDu1kTKBnfntj8T+vlUJ03M64TFJgkk4filKBQeFxi7jDNaMgBpYQqrn9K6Y9ogkF23XRluD9jvyXNA6qnlv1Lg/LtZO8jkW0jXbQHvLQEaqhM3SB6oiie/SMXtGb8+C8OO/Ox3S04OQ7W+gHnM8vuderyw==</latexit> <latexit sha1_base64="bq1waMsJR+m7McixMeUIfbo0M44=">AAACOHicbVDLSgMxFM3Ud31VXboJFsFFLTMi6LLoxp0KthU6ZcikmTY0kwzJHbUd+llu/Ax34saFIm79AtN2Fr5OCBzOuZfknDAR3IDrPjmFmdm5+YXFpeLyyuraemljs2FUqimrUyWUvg6JYYJLVgcOgl0nmpE4FKwZ9k/HfvOGacOVvIJBwtox6UoecUrASkHp3I+UJkLgoc+ln+GowiuqQrE/qvj5aQZDX/NuD4jW6hbfBTCR6z/lXpDBvjcKSmW36k6A/xIvJ2WU4yIoPfodRdOYSaCCGNPy3ATaGdHAqWCjop8alhDaJ13WslSSmJl2Ngk+wrtW6WCbwF4JeKJ+38hIbMwgDu1kTKBnfntj8T+vlUJ03M64TFJgkk4filKBQeFxi7jDNaMgBpYQqrn9K6Y9ogkF23XRluD9jvyXNA6qnlv1Lg/LtZO8jkW0jXbQHvLQEaqhM3SB6oiie/SMXtGb8+C8OO/Ox3S04OQ7W+gHnM8vuderyw==</latexit>

  9. • Scenario 1: audio attack explicitly designs the hidden states

    • Scenario 2: audio attack completely removes the Temporal Dependency from the adversarial audio • A state-of-the-art audio attack method (Carlini and Wagner, 2018, SPW) : • Attack efficacy optimizatio n • Perturbation magnitude minimization Contribution: Part 2 A novel audio attack: arg min Xa L CTC(Xa, Y a) + kX Xak2 2 <latexit sha1_base64="hyJ8eC4Lv2utgDtQL9EaJlXw+U8=">AAACLHicbVBNaxsxFNS6beK4+XCaYy6ippDQxOyaQHIM9SWHHlywYxevvbyVZVtEq12ktyFG2R/US/5KoPRQU3rt76js+NA6GRAMM+/xNBNnUhj0/blXevX6zcZmeavydntnd6+6/+7apLlmvMNSmepeDIZLoXgHBUreyzSHJJa8G980F373lmsjUtXGWcYHCUyUGAsG6KSo2gxBT8JEqMj2hlDYMAGcxrH9XEQ2RH6HttluFsWRM0/o1yEc0480vO/RU+qU8D5qDBtFVK35dX8J+pwEK1IjK7Si6vdwlLI84QqZBGP6gZ/hwIJGwSQvKmFueAbsBia876iChJuBXYYt6AenjOg41e4ppEv13w0LiTGzJHaTiyxm3VuIL3n9HMcXAytUliNX7OnQOJcUU7pojo6E5gzlzBFgWri/UjYFDQxdvxVXQrAe+Tm5btQDvx58OatdflrVUSaH5D05IgE5J5fkirRIhzDyjTySn2TuPXg/vF/e76fRkrfaOSD/wfvzF7Q/pyE=</latexit> <latexit sha1_base64="hyJ8eC4Lv2utgDtQL9EaJlXw+U8=">AAACLHicbVBNaxsxFNS6beK4+XCaYy6ippDQxOyaQHIM9SWHHlywYxevvbyVZVtEq12ktyFG2R/US/5KoPRQU3rt76js+NA6GRAMM+/xNBNnUhj0/blXevX6zcZmeavydntnd6+6/+7apLlmvMNSmepeDIZLoXgHBUreyzSHJJa8G980F373lmsjUtXGWcYHCUyUGAsG6KSo2gxBT8JEqMj2hlDYMAGcxrH9XEQ2RH6HttluFsWRM0/o1yEc0480vO/RU+qU8D5qDBtFVK35dX8J+pwEK1IjK7Si6vdwlLI84QqZBGP6gZ/hwIJGwSQvKmFueAbsBia876iChJuBXYYt6AenjOg41e4ppEv13w0LiTGzJHaTiyxm3VuIL3n9HMcXAytUliNX7OnQOJcUU7pojo6E5gzlzBFgWri/UjYFDQxdvxVXQrAe+Tm5btQDvx58OatdflrVUSaH5D05IgE5J5fkirRIhzDyjTySn2TuPXg/vF/e76fRkrfaOSD/wfvzF7Q/pyE=</latexit> <latexit sha1_base64="hyJ8eC4Lv2utgDtQL9EaJlXw+U8=">AAACLHicbVBNaxsxFNS6beK4+XCaYy6ippDQxOyaQHIM9SWHHlywYxevvbyVZVtEq12ktyFG2R/US/5KoPRQU3rt76js+NA6GRAMM+/xNBNnUhj0/blXevX6zcZmeavydntnd6+6/+7apLlmvMNSmepeDIZLoXgHBUreyzSHJJa8G980F373lmsjUtXGWcYHCUyUGAsG6KSo2gxBT8JEqMj2hlDYMAGcxrH9XEQ2RH6HttluFsWRM0/o1yEc0480vO/RU+qU8D5qDBtFVK35dX8J+pwEK1IjK7Si6vdwlLI84QqZBGP6gZ/hwIJGwSQvKmFueAbsBia876iChJuBXYYt6AenjOg41e4ppEv13w0LiTGzJHaTiyxm3VuIL3n9HMcXAytUliNX7OnQOJcUU7pojo6E5gzlzBFgWri/UjYFDQxdvxVXQrAe+Tm5btQDvx58OatdflrVUSaH5D05IgE5J5fkirRIhzDyjTySn2TuPXg/vF/e76fRkrfaOSD/wfvzF7Q/pyE=</latexit> <latexit sha1_base64="hyJ8eC4Lv2utgDtQL9EaJlXw+U8=">AAACLHicbVBNaxsxFNS6beK4+XCaYy6ippDQxOyaQHIM9SWHHlywYxevvbyVZVtEq12ktyFG2R/US/5KoPRQU3rt76js+NA6GRAMM+/xNBNnUhj0/blXevX6zcZmeavydntnd6+6/+7apLlmvMNSmepeDIZLoXgHBUreyzSHJJa8G980F373lmsjUtXGWcYHCUyUGAsG6KSo2gxBT8JEqMj2hlDYMAGcxrH9XEQ2RH6HttluFsWRM0/o1yEc0480vO/RU+qU8D5qDBtFVK35dX8J+pwEK1IjK7Si6vdwlLI84QqZBGP6gZ/hwIJGwSQvKmFueAbsBia876iChJuBXYYt6AenjOg41e4ppEv13w0LiTGzJHaTiyxm3VuIL3n9HMcXAytUliNX7OnQOJcUU7pojo6E5gzlzBFgWri/UjYFDQxdvxVXQrAe+Tm5btQDvx58OatdflrVUSaH5D05IgE5J5fkirRIhzDyjTySn2TuPXg/vF/e76fRkrfaOSD/wfvzF7Q/pyE=</latexit> N. Carlini and D. Wagner, “Audio adversarial examples: Targeted attacks on speech-to-text,” in IEEE Security and Privacy Workshops (SPW), 2018. Temporal dependency-based detection fails at:

  10. Contribution: Part 2 A novel audio attack: • We exploit

    the scenario 2: the audio attack completely removes the temporal dependency from the generated adversarial audio • The new audio attack objective : • Penalizing the hidden state’s impact on outputs, • Rewarding the input’s impact in outputs, arg min Xa L CTC(Xa, Y a) + ||X Xa||2 2 + X z2{f,i,o,c} X t {||Uzha t ||2 2 ||WzXa t ||2 2 } <latexit sha1_base64="NLl3BIlqhKOQao2HrdkuZ4aoqBs=">AAACeXicbZFNb9MwGMedjJetvJVxhIOhGiqsq5KCBMeJXnbYYUjrGlS3keM6rbXEiewniM7xd+Cz7cYX4cIFt40EbDySpb9+fz9++T9JmQkNQfDD83fu3L13f3ev9eDho8dP2k/3L3RRKcZHrMgKFSVU80xIPgIBGY9KxWmeZHycXA7X/vgrV1oU8hxWJZ/mdCFFKhgFh+L2d0LVguRCxiaaUYtJTmGZJObUxoYA/wZmeD60tuvMHv4yo2/wIa7rCB9hR+o6HswGjhBd5bG5IkISg9Oe6BU9hom1Ww7WEFPXo/gKL2c0hqbtyB00diz6wyyxcbsT9INN4dsibEQHNXUWt6/JvGBVziWwjGo9CYMSpoYqECzjtkUqzUvKLumCT5yUNOd6ajbJWXzgyBynhXJLAt7QvzsMzbVe5YnbuQ5G3/TW8H/epIL049QIWVbAJdtelFYZhgKvx4DnQnEG2coJypRwb8VsSRVl4IbVciGEN798W1wM+mHQDz+/7xx/auLYRc/RK9RFIfqAjtEJOkMjxNBP74V34L32fvkv/a7/drvV95qeZ+if8t/9BoLdvvw=</latexit> <latexit sha1_base64="NLl3BIlqhKOQao2HrdkuZ4aoqBs=">AAACeXicbZFNb9MwGMedjJetvJVxhIOhGiqsq5KCBMeJXnbYYUjrGlS3keM6rbXEiewniM7xd+Cz7cYX4cIFt40EbDySpb9+fz9++T9JmQkNQfDD83fu3L13f3ev9eDho8dP2k/3L3RRKcZHrMgKFSVU80xIPgIBGY9KxWmeZHycXA7X/vgrV1oU8hxWJZ/mdCFFKhgFh+L2d0LVguRCxiaaUYtJTmGZJObUxoYA/wZmeD60tuvMHv4yo2/wIa7rCB9hR+o6HswGjhBd5bG5IkISg9Oe6BU9hom1Ww7WEFPXo/gKL2c0hqbtyB00diz6wyyxcbsT9INN4dsibEQHNXUWt6/JvGBVziWwjGo9CYMSpoYqECzjtkUqzUvKLumCT5yUNOd6ajbJWXzgyBynhXJLAt7QvzsMzbVe5YnbuQ5G3/TW8H/epIL049QIWVbAJdtelFYZhgKvx4DnQnEG2coJypRwb8VsSRVl4IbVciGEN798W1wM+mHQDz+/7xx/auLYRc/RK9RFIfqAjtEJOkMjxNBP74V34L32fvkv/a7/drvV95qeZ+if8t/9BoLdvvw=</latexit> <latexit sha1_base64="NLl3BIlqhKOQao2HrdkuZ4aoqBs=">AAACeXicbZFNb9MwGMedjJetvJVxhIOhGiqsq5KCBMeJXnbYYUjrGlS3keM6rbXEiewniM7xd+Cz7cYX4cIFt40EbDySpb9+fz9++T9JmQkNQfDD83fu3L13f3ev9eDho8dP2k/3L3RRKcZHrMgKFSVU80xIPgIBGY9KxWmeZHycXA7X/vgrV1oU8hxWJZ/mdCFFKhgFh+L2d0LVguRCxiaaUYtJTmGZJObUxoYA/wZmeD60tuvMHv4yo2/wIa7rCB9hR+o6HswGjhBd5bG5IkISg9Oe6BU9hom1Ww7WEFPXo/gKL2c0hqbtyB00diz6wyyxcbsT9INN4dsibEQHNXUWt6/JvGBVziWwjGo9CYMSpoYqECzjtkUqzUvKLumCT5yUNOd6ajbJWXzgyBynhXJLAt7QvzsMzbVe5YnbuQ5G3/TW8H/epIL049QIWVbAJdtelFYZhgKvx4DnQnEG2coJypRwb8VsSRVl4IbVciGEN798W1wM+mHQDz+/7xx/auLYRc/RK9RFIfqAjtEJOkMjxNBP74V34L32fvkv/a7/drvV95qeZ+if8t/9BoLdvvw=</latexit> <latexit sha1_base64="NLl3BIlqhKOQao2HrdkuZ4aoqBs=">AAACeXicbZFNb9MwGMedjJetvJVxhIOhGiqsq5KCBMeJXnbYYUjrGlS3keM6rbXEiewniM7xd+Cz7cYX4cIFt40EbDySpb9+fz9++T9JmQkNQfDD83fu3L13f3ev9eDho8dP2k/3L3RRKcZHrMgKFSVU80xIPgIBGY9KxWmeZHycXA7X/vgrV1oU8hxWJZ/mdCFFKhgFh+L2d0LVguRCxiaaUYtJTmGZJObUxoYA/wZmeD60tuvMHv4yo2/wIa7rCB9hR+o6HswGjhBd5bG5IkISg9Oe6BU9hom1Ww7WEFPXo/gKL2c0hqbtyB00diz6wyyxcbsT9INN4dsibEQHNXUWt6/JvGBVziWwjGo9CYMSpoYqECzjtkUqzUvKLumCT5yUNOd6ajbJWXzgyBynhXJLAt7QvzsMzbVe5YnbuQ5G3/TW8H/epIL049QIWVbAJdtelFYZhgKvx4DnQnEG2coJypRwb8VsSRVl4IbVciGEN798W1wM+mHQDz+/7xx/auLYRc/RK9RFIfqAjtEJOkMjxNBP74V34L32fvkv/a7/drvV95qeZ+if8t/9BoLdvvw=</latexit> ||Uzha t ||2 2 <latexit sha1_base64="fcHrIpaNksaSqojQJOygNN58zLw=">AAAB+nicbVBNS8NAEN34WetXqkcvi0XwVJIi6LHoxWMF0xbaNGy2m3bp5oPdiVKT/hQvHhTx6i/x5r9x2+agrQ8GHu/NMDPPTwRXYFnfxtr6xubWdmmnvLu3f3BoVo5aKk4lZQ6NRSw7PlFM8Ig5wEGwTiIZCX3B2v74Zua3H5hUPI7uYZIwNyTDiAecEtCSZ1by3PGe8KhPPMjzft2re2bVqllz4FViF6SKCjQ986s3iGkasgioIEp1bSsBNyMSOBVsWu6liiWEjsmQdTWNSMiUm81Pn+IzrQxwEEtdEeC5+nsiI6FSk9DXnSGBkVr2ZuJ/XjeF4MrNeJSkwCK6WBSkAkOMZzngAZeMgphoQqjk+lZMR0QSCjqtsg7BXn55lbTqNduq2XcX1cZ1EUcJnaBTdI5sdIka6BY1kYMoekTP6BW9GbnxYrwbH4vWNaOYOUZ/YHz+AMyZk64=</latexit> <latexit sha1_base64="fcHrIpaNksaSqojQJOygNN58zLw=">AAAB+nicbVBNS8NAEN34WetXqkcvi0XwVJIi6LHoxWMF0xbaNGy2m3bp5oPdiVKT/hQvHhTx6i/x5r9x2+agrQ8GHu/NMDPPTwRXYFnfxtr6xubWdmmnvLu3f3BoVo5aKk4lZQ6NRSw7PlFM8Ig5wEGwTiIZCX3B2v74Zua3H5hUPI7uYZIwNyTDiAecEtCSZ1by3PGe8KhPPMjzft2re2bVqllz4FViF6SKCjQ986s3iGkasgioIEp1bSsBNyMSOBVsWu6liiWEjsmQdTWNSMiUm81Pn+IzrQxwEEtdEeC5+nsiI6FSk9DXnSGBkVr2ZuJ/XjeF4MrNeJSkwCK6WBSkAkOMZzngAZeMgphoQqjk+lZMR0QSCjqtsg7BXn55lbTqNduq2XcX1cZ1EUcJnaBTdI5sdIka6BY1kYMoekTP6BW9GbnxYrwbH4vWNaOYOUZ/YHz+AMyZk64=</latexit> <latexit sha1_base64="fcHrIpaNksaSqojQJOygNN58zLw=">AAAB+nicbVBNS8NAEN34WetXqkcvi0XwVJIi6LHoxWMF0xbaNGy2m3bp5oPdiVKT/hQvHhTx6i/x5r9x2+agrQ8GHu/NMDPPTwRXYFnfxtr6xubWdmmnvLu3f3BoVo5aKk4lZQ6NRSw7PlFM8Ig5wEGwTiIZCX3B2v74Zua3H5hUPI7uYZIwNyTDiAecEtCSZ1by3PGe8KhPPMjzft2re2bVqllz4FViF6SKCjQ986s3iGkasgioIEp1bSsBNyMSOBVsWu6liiWEjsmQdTWNSMiUm81Pn+IzrQxwEEtdEeC5+nsiI6FSk9DXnSGBkVr2ZuJ/XjeF4MrNeJSkwCK6WBSkAkOMZzngAZeMgphoQqjk+lZMR0QSCjqtsg7BXn55lbTqNduq2XcX1cZ1EUcJnaBTdI5sdIka6BY1kYMoekTP6BW9GbnxYrwbH4vWNaOYOUZ/YHz+AMyZk64=</latexit> <latexit sha1_base64="fcHrIpaNksaSqojQJOygNN58zLw=">AAAB+nicbVBNS8NAEN34WetXqkcvi0XwVJIi6LHoxWMF0xbaNGy2m3bp5oPdiVKT/hQvHhTx6i/x5r9x2+agrQ8GHu/NMDPPTwRXYFnfxtr6xubWdmmnvLu3f3BoVo5aKk4lZQ6NRSw7PlFM8Ig5wEGwTiIZCX3B2v74Zua3H5hUPI7uYZIwNyTDiAecEtCSZ1by3PGe8KhPPMjzft2re2bVqllz4FViF6SKCjQ986s3iGkasgioIEp1bSsBNyMSOBVsWu6liiWEjsmQdTWNSMiUm81Pn+IzrQxwEEtdEeC5+nsiI6FSk9DXnSGBkVr2ZuJ/XjeF4MrNeJSkwCK6WBSkAkOMZzngAZeMgphoQqjk+lZMR0QSCjqtsg7BXn55lbTqNduq2XcX1cZ1EUcJnaBTdI5sdIka6BY1kYMoekTP6BW9GbnxYrwbH4vWNaOYOUZ/YHz+AMyZk64=</latexit> ||WzXa t ||2 2 <latexit sha1_base64="2ZnbKPUTJB9PQogojv3p2hnBBwg=">AAAB+nicbVDLSsNAFJ34rPWV6tLNYBFclaQIuiy6cVnBPqCPMJlO2qGTSZi5UWrST3HjQhG3fok7/8Zpm4W2HrhwOOde7r3HjwXX4Djf1tr6xubWdmGnuLu3f3Bol46aOkoUZQ0aiUi1faKZ4JI1gINg7VgxEvqCtfzxzcxvPTCleSTvYRKzXkiGkgecEjCSZ5eyrOU94XafeJBl/apX9eyyU3HmwKvEzUkZ5ah79ld3ENEkZBKoIFp3XCeGXkoUcCrYtNhNNIsJHZMh6xgqSch0L52fPsVnRhngIFKmJOC5+nsiJaHWk9A3nSGBkV72ZuJ/XieB4KqXchknwCRdLAoSgSHCsxzwgCtGQUwMIVRxcyumI6IIBZNW0YTgLr+8SprViutU3LuLcu06j6OATtApOkcuukQ1dIvqqIEoekTP6BW9WZn1Yr1bH4vWNSufOUZ/YH3+ALbdk6A=</latexit> <latexit sha1_base64="2ZnbKPUTJB9PQogojv3p2hnBBwg=">AAAB+nicbVDLSsNAFJ34rPWV6tLNYBFclaQIuiy6cVnBPqCPMJlO2qGTSZi5UWrST3HjQhG3fok7/8Zpm4W2HrhwOOde7r3HjwXX4Djf1tr6xubWdmGnuLu3f3Bol46aOkoUZQ0aiUi1faKZ4JI1gINg7VgxEvqCtfzxzcxvPTCleSTvYRKzXkiGkgecEjCSZ5eyrOU94XafeJBl/apX9eyyU3HmwKvEzUkZ5ah79ld3ENEkZBKoIFp3XCeGXkoUcCrYtNhNNIsJHZMh6xgqSch0L52fPsVnRhngIFKmJOC5+nsiJaHWk9A3nSGBkV72ZuJ/XieB4KqXchknwCRdLAoSgSHCsxzwgCtGQUwMIVRxcyumI6IIBZNW0YTgLr+8SprViutU3LuLcu06j6OATtApOkcuukQ1dIvqqIEoekTP6BW9WZn1Yr1bH4vWNSufOUZ/YH3+ALbdk6A=</latexit> <latexit sha1_base64="2ZnbKPUTJB9PQogojv3p2hnBBwg=">AAAB+nicbVDLSsNAFJ34rPWV6tLNYBFclaQIuiy6cVnBPqCPMJlO2qGTSZi5UWrST3HjQhG3fok7/8Zpm4W2HrhwOOde7r3HjwXX4Djf1tr6xubWdmGnuLu3f3Bol46aOkoUZQ0aiUi1faKZ4JI1gINg7VgxEvqCtfzxzcxvPTCleSTvYRKzXkiGkgecEjCSZ5eyrOU94XafeJBl/apX9eyyU3HmwKvEzUkZ5ah79ld3ENEkZBKoIFp3XCeGXkoUcCrYtNhNNIsJHZMh6xgqSch0L52fPsVnRhngIFKmJOC5+nsiJaHWk9A3nSGBkV72ZuJ/XieB4KqXchknwCRdLAoSgSHCsxzwgCtGQUwMIVRxcyumI6IIBZNW0YTgLr+8SprViutU3LuLcu06j6OATtApOkcuukQ1dIvqqIEoekTP6BW9WZn1Yr1bH4vWNSufOUZ/YH3+ALbdk6A=</latexit> <latexit sha1_base64="2ZnbKPUTJB9PQogojv3p2hnBBwg=">AAAB+nicbVDLSsNAFJ34rPWV6tLNYBFclaQIuiy6cVnBPqCPMJlO2qGTSZi5UWrST3HjQhG3fok7/8Zpm4W2HrhwOOde7r3HjwXX4Djf1tr6xubWdmGnuLu3f3Bol46aOkoUZQ0aiUi1faKZ4JI1gINg7VgxEvqCtfzxzcxvPTCleSTvYRKzXkiGkgecEjCSZ5eyrOU94XafeJBl/apX9eyyU3HmwKvEzUkZ5ah79ld3ENEkZBKoIFp3XCeGXkoUcCrYtNhNNIsJHZMh6xgqSch0L52fPsVnRhngIFKmJOC5+nsiJaHWk9A3nSGBkV72ZuJ/XieB4KqXchknwCRdLAoSgSHCsxzwgCtGQUwMIVRxcyumI6IIBZNW0YTgLr+8SprViutU3LuLcu06j6OATtApOkcuukQ1dIvqqIEoekTP6BW9WZn1Yr1bH4vWNSufOUZ/YH3+ALbdk6A=</latexit>

  11. Contribution: Part 2 A novel audio attack: • We further

    work on the new objective: • the hyper-parameter controls the trade off: 1 = L CTC(Xa, Y a) + ||X Xa||2 2 2 = X z2{f,i,o,c} X t {||Uzha t ||2 2 ||WzXa t ||2 2 } arg min Xa ↵ 1 1 + 2 + (1 ↵) 2 1 + 2 <latexit sha1_base64="pFDL5uAjRKG+w4tdtJIa3bD+Xzw=">AAAC+HicbVLLjtMwFHXCaygwdGDJxqICdUSpkgiJ2SCN6IYFiyJNp0F1Gzmu01iTOJHtjGgdfwkbFiDElk9hx9/gNJWY15UsH5177vH1teMyY1J53l/HvXX7zt17e/c7Dx4+2n/cPXhyKotKEDohRVaIMMaSZozTiWIqo2EpKM7jjE7js1GTn55TIVnBT9S6pPMcrzhLGMHKUtGBs/8SjVMW+fAdRDlWaRzrjybSSNEvSo9ORsb0wwUewM8LfAhfwboO4WtombqOgkWAeMGrPKYCoU5rFDRGssojvUGMIw2TARsUAwKRMS2vjEa6rifRBqYLHKnWybrW9dRy4X/OIHP5ACxWKGc80lZkXXBWphglAhPdXsLsdtto24yxqO9b71Z7CC+ogxvUJur2vKG3DXgd+DvQA7sYR90/aFmQKqdckQxLOfO9Us01FoqRjJoOqiQtMTnDKzqzkOOcyrnePpyBLyyzhEkh7OIKbtmLFRrnUq7z2Cqbt5FXcw15U25WqeRorhkvK0U5aQ9KqgyqAja/AC6ZoERlawswEcz2CkmK7WiU/SsdOwT/6pWvg9Ng6HtD/9Ob3vH73Tj2wDPwHPSBD96CY/ABjMEEEKdyvjrfnR/uxv3m/nR/tVLX2dU8BZfC/f0PCqXrRg==</latexit> <latexit sha1_base64="pFDL5uAjRKG+w4tdtJIa3bD+Xzw=">AAAC+HicbVLLjtMwFHXCaygwdGDJxqICdUSpkgiJ2SCN6IYFiyJNp0F1Gzmu01iTOJHtjGgdfwkbFiDElk9hx9/gNJWY15UsH5177vH1teMyY1J53l/HvXX7zt17e/c7Dx4+2n/cPXhyKotKEDohRVaIMMaSZozTiWIqo2EpKM7jjE7js1GTn55TIVnBT9S6pPMcrzhLGMHKUtGBs/8SjVMW+fAdRDlWaRzrjybSSNEvSo9ORsb0wwUewM8LfAhfwboO4WtombqOgkWAeMGrPKYCoU5rFDRGssojvUGMIw2TARsUAwKRMS2vjEa6rifRBqYLHKnWybrW9dRy4X/OIHP5ACxWKGc80lZkXXBWphglAhPdXsLsdtto24yxqO9b71Z7CC+ogxvUJur2vKG3DXgd+DvQA7sYR90/aFmQKqdckQxLOfO9Us01FoqRjJoOqiQtMTnDKzqzkOOcyrnePpyBLyyzhEkh7OIKbtmLFRrnUq7z2Cqbt5FXcw15U25WqeRorhkvK0U5aQ9KqgyqAja/AC6ZoERlawswEcz2CkmK7WiU/SsdOwT/6pWvg9Ng6HtD/9Ob3vH73Tj2wDPwHPSBD96CY/ABjMEEEKdyvjrfnR/uxv3m/nR/tVLX2dU8BZfC/f0PCqXrRg==</latexit> <latexit sha1_base64="pFDL5uAjRKG+w4tdtJIa3bD+Xzw=">AAAC+HicbVLLjtMwFHXCaygwdGDJxqICdUSpkgiJ2SCN6IYFiyJNp0F1Gzmu01iTOJHtjGgdfwkbFiDElk9hx9/gNJWY15UsH5177vH1teMyY1J53l/HvXX7zt17e/c7Dx4+2n/cPXhyKotKEDohRVaIMMaSZozTiWIqo2EpKM7jjE7js1GTn55TIVnBT9S6pPMcrzhLGMHKUtGBs/8SjVMW+fAdRDlWaRzrjybSSNEvSo9ORsb0wwUewM8LfAhfwboO4WtombqOgkWAeMGrPKYCoU5rFDRGssojvUGMIw2TARsUAwKRMS2vjEa6rifRBqYLHKnWybrW9dRy4X/OIHP5ACxWKGc80lZkXXBWphglAhPdXsLsdtto24yxqO9b71Z7CC+ogxvUJur2vKG3DXgd+DvQA7sYR90/aFmQKqdckQxLOfO9Us01FoqRjJoOqiQtMTnDKzqzkOOcyrnePpyBLyyzhEkh7OIKbtmLFRrnUq7z2Cqbt5FXcw15U25WqeRorhkvK0U5aQ9KqgyqAja/AC6ZoERlawswEcz2CkmK7WiU/SsdOwT/6pWvg9Ng6HtD/9Ob3vH73Tj2wDPwHPSBD96CY/ABjMEEEKdyvjrfnR/uxv3m/nR/tVLX2dU8BZfC/f0PCqXrRg==</latexit> <latexit sha1_base64="pFDL5uAjRKG+w4tdtJIa3bD+Xzw=">AAAC+HicbVLLjtMwFHXCaygwdGDJxqICdUSpkgiJ2SCN6IYFiyJNp0F1Gzmu01iTOJHtjGgdfwkbFiDElk9hx9/gNJWY15UsH5177vH1teMyY1J53l/HvXX7zt17e/c7Dx4+2n/cPXhyKotKEDohRVaIMMaSZozTiWIqo2EpKM7jjE7js1GTn55TIVnBT9S6pPMcrzhLGMHKUtGBs/8SjVMW+fAdRDlWaRzrjybSSNEvSo9ORsb0wwUewM8LfAhfwboO4WtombqOgkWAeMGrPKYCoU5rFDRGssojvUGMIw2TARsUAwKRMS2vjEa6rifRBqYLHKnWybrW9dRy4X/OIHP5ACxWKGc80lZkXXBWphglAhPdXsLsdtto24yxqO9b71Z7CC+ogxvUJur2vKG3DXgd+DvQA7sYR90/aFmQKqdckQxLOfO9Us01FoqRjJoOqiQtMTnDKzqzkOOcyrnePpyBLyyzhEkh7OIKbtmLFRrnUq7z2Cqbt5FXcw15U25WqeRorhkvK0U5aQ9KqgyqAja/AC6ZoERlawswEcz2CkmK7WiU/SsdOwT/6pWvg9Ng6HtD/9Ob3vH73Tj2wDPwHPSBD96CY/ABjMEEEKdyvjrfnR/uxv3m/nR/tVLX2dU8BZfC/f0PCqXrRg==</latexit> ↵ ⇠ [0, 1] <latexit sha1_base64="H5vQRYIkQq2T8VZu+SHde3ePncs=">AAAB+XicbVBNS8NAEN34WetX1KOXxSJ4kJKIoMeiF48V7AckoUy2m3bp7ibsbgol9J948aCIV/+JN/+N2zYHbX0w8Hhvhpl5ccaZNp737aytb2xubVd2qrt7+weH7tFxW6e5IrRFUp6qbgyaciZpyzDDaTdTFETMaSce3c/8zpgqzVL5ZCYZjQQMJEsYAWOlnuuGwLMhhJqJwLvEftRza17dmwOvEr8kNVSi2XO/wn5KckGlIRy0DnwvM1EByjDC6bQa5ppmQEYwoIGlEgTVUTG/fIrPrdLHSapsSYPn6u+JAoTWExHbTgFmqJe9mfifF+QmuY0KJrPcUEkWi5KcY5PiWQy4zxQlhk8sAaKYvRWTISggxoZVtSH4yy+vkvZV3ffq/uN1rXFXxlFBp+gMXSAf3aAGekBN1EIEjdEzekVvTuG8OO/Ox6J1zSlnTtAfOJ8/OB2Stw==</latexit> <latexit sha1_base64="H5vQRYIkQq2T8VZu+SHde3ePncs=">AAAB+XicbVBNS8NAEN34WetX1KOXxSJ4kJKIoMeiF48V7AckoUy2m3bp7ibsbgol9J948aCIV/+JN/+N2zYHbX0w8Hhvhpl5ccaZNp737aytb2xubVd2qrt7+weH7tFxW6e5IrRFUp6qbgyaciZpyzDDaTdTFETMaSce3c/8zpgqzVL5ZCYZjQQMJEsYAWOlnuuGwLMhhJqJwLvEftRza17dmwOvEr8kNVSi2XO/wn5KckGlIRy0DnwvM1EByjDC6bQa5ppmQEYwoIGlEgTVUTG/fIrPrdLHSapsSYPn6u+JAoTWExHbTgFmqJe9mfifF+QmuY0KJrPcUEkWi5KcY5PiWQy4zxQlhk8sAaKYvRWTISggxoZVtSH4yy+vkvZV3ffq/uN1rXFXxlFBp+gMXSAf3aAGekBN1EIEjdEzekVvTuG8OO/Ox6J1zSlnTtAfOJ8/OB2Stw==</latexit> <latexit sha1_base64="H5vQRYIkQq2T8VZu+SHde3ePncs=">AAAB+XicbVBNS8NAEN34WetX1KOXxSJ4kJKIoMeiF48V7AckoUy2m3bp7ibsbgol9J948aCIV/+JN/+N2zYHbX0w8Hhvhpl5ccaZNp737aytb2xubVd2qrt7+weH7tFxW6e5IrRFUp6qbgyaciZpyzDDaTdTFETMaSce3c/8zpgqzVL5ZCYZjQQMJEsYAWOlnuuGwLMhhJqJwLvEftRza17dmwOvEr8kNVSi2XO/wn5KckGlIRy0DnwvM1EByjDC6bQa5ppmQEYwoIGlEgTVUTG/fIrPrdLHSapsSYPn6u+JAoTWExHbTgFmqJe9mfifF+QmuY0KJrPcUEkWi5KcY5PiWQy4zxQlhk8sAaKYvRWTISggxoZVtSH4yy+vkvZV3ffq/uN1rXFXxlFBp+gMXSAf3aAGekBN1EIEjdEzekVvTuG8OO/Ox6J1zSlnTtAfOJ8/OB2Stw==</latexit> <latexit sha1_base64="H5vQRYIkQq2T8VZu+SHde3ePncs=">AAAB+XicbVBNS8NAEN34WetX1KOXxSJ4kJKIoMeiF48V7AckoUy2m3bp7ibsbgol9J948aCIV/+JN/+N2zYHbX0w8Hhvhpl5ccaZNp737aytb2xubVd2qrt7+weH7tFxW6e5IrRFUp6qbgyaciZpyzDDaTdTFETMaSce3c/8zpgqzVL5ZCYZjQQMJEsYAWOlnuuGwLMhhJqJwLvEftRza17dmwOvEr8kNVSi2XO/wn5KckGlIRy0DnwvM1EByjDC6bQa5ppmQEYwoIGlEgTVUTG/fIrPrdLHSapsSYPn6u+JAoTWExHbTgFmqJe9mfifF+QmuY0KJrPcUEkWi5KcY5PiWQy4zxQlhk8sAaKYvRWTISggxoZVtSH4yy+vkvZV3ffq/uN1rXFXxlFBp+gMXSAf3aAGekBN1EIEjdEzekVvTuG8OO/Ox6J1zSlnTtAfOJ8/OB2Stw==</latexit>

  12. Experiments: Experiment settings: • Mozilla Common Voice: durations between 1.73s

    ~ 7.8s • Attack targets: • ‘hello google’ • ‘this is an adversarial example’ • ‘hello google please cancel my medical appointment’ N. Carlini and D. Wagner, “Audio adversarial examples: Targeted attacks on speech-to-text,” in IEEE Security and Privacy Workshops (SPW), 2018. • Comparisons in terms of: • Temporal dependency-based detection results • Audio attack efficacies • Perturbation magnitudes Comparisons against Carlini and Wagner, 2018, SPW:

  13. Experiments: Temporal dependency-based detection results comparison: • Detection result is

    measured by AUC score • Main observations: • The temporal dependency detection identifies Carlini’s adversarial audios accurately • The detection against out method is not much better than random guessing, i.e., our method can evade detection with high probability

  14. Experiments: Attack efficacies comparison: WER CER Our’s 0.134 0.044 Carlini’s

    0.130 0.040 Average Attack Word/Char Error Rates <latexit sha1_base64="q6AmSZF3md/7/Tw7c9kT2eBDO3E=">AAACFHicbVDLSsNAFJ34tr6iLt0MFkEQaiKCLqsiuFSxrdCGMpnc2KGTTJi5EUvoR7jxV9y4UMStC3f+jdPHwtdZHc65l3PvCTMpDHrepzMxOTU9Mzs3X1pYXFpecVfX6kblmkONK6n0dcgMSJFCDQVKuM40sCSU0Ai7JwO/cQvaCJVeYS+DIGE3qYgFZ2iltrvTQrjD4sjOsBugR4iMd2lD6Wj3pMM0PdVaaXrJEEy/7Za9ijcE/Uv8MSmTMc7b7kcrUjxPIEUumTFN38swKJhGwSX0S63cQGbzbHLT0pQlYIJi+FSfblklorFNj1WKdKh+3yhYYkwvCe1kwrBjfnsD8T+vmWN8GBQizXKElI+C4lxSVHTQEI2EBo6yZwnjWthbKbdVMI62x5Itwf/98l9S36v4XsW/2C9Xj8d1zJENskm2iU8OSJWckXNSI5zck0fyTF6cB+fJeXXeRqMTznhnnfyA8/4FUpyeVw==</latexit> <latexit sha1_base64="q6AmSZF3md/7/Tw7c9kT2eBDO3E=">AAACFHicbVDLSsNAFJ34tr6iLt0MFkEQaiKCLqsiuFSxrdCGMpnc2KGTTJi5EUvoR7jxV9y4UMStC3f+jdPHwtdZHc65l3PvCTMpDHrepzMxOTU9Mzs3X1pYXFpecVfX6kblmkONK6n0dcgMSJFCDQVKuM40sCSU0Ai7JwO/cQvaCJVeYS+DIGE3qYgFZ2iltrvTQrjD4sjOsBugR4iMd2lD6Wj3pMM0PdVaaXrJEEy/7Za9ijcE/Uv8MSmTMc7b7kcrUjxPIEUumTFN38swKJhGwSX0S63cQGbzbHLT0pQlYIJi+FSfblklorFNj1WKdKh+3yhYYkwvCe1kwrBjfnsD8T+vmWN8GBQizXKElI+C4lxSVHTQEI2EBo6yZwnjWthbKbdVMI62x5Itwf/98l9S36v4XsW/2C9Xj8d1zJENskm2iU8OSJWckXNSI5zck0fyTF6cB+fJeXXeRqMTznhnnfyA8/4FUpyeVw==</latexit> <latexit sha1_base64="q6AmSZF3md/7/Tw7c9kT2eBDO3E=">AAACFHicbVDLSsNAFJ34tr6iLt0MFkEQaiKCLqsiuFSxrdCGMpnc2KGTTJi5EUvoR7jxV9y4UMStC3f+jdPHwtdZHc65l3PvCTMpDHrepzMxOTU9Mzs3X1pYXFpecVfX6kblmkONK6n0dcgMSJFCDQVKuM40sCSU0Ai7JwO/cQvaCJVeYS+DIGE3qYgFZ2iltrvTQrjD4sjOsBugR4iMd2lD6Wj3pMM0PdVaaXrJEEy/7Za9ijcE/Uv8MSmTMc7b7kcrUjxPIEUumTFN38swKJhGwSX0S63cQGbzbHLT0pQlYIJi+FSfblklorFNj1WKdKh+3yhYYkwvCe1kwrBjfnsD8T+vmWN8GBQizXKElI+C4lxSVHTQEI2EBo6yZwnjWthbKbdVMI62x5Itwf/98l9S36v4XsW/2C9Xj8d1zJENskm2iU8OSJWckXNSI5zck0fyTF6cB+fJeXXeRqMTznhnnfyA8/4FUpyeVw==</latexit> <latexit sha1_base64="q6AmSZF3md/7/Tw7c9kT2eBDO3E=">AAACFHicbVDLSsNAFJ34tr6iLt0MFkEQaiKCLqsiuFSxrdCGMpnc2KGTTJi5EUvoR7jxV9y4UMStC3f+jdPHwtdZHc65l3PvCTMpDHrepzMxOTU9Mzs3X1pYXFpecVfX6kblmkONK6n0dcgMSJFCDQVKuM40sCSU0Ai7JwO/cQvaCJVeYS+DIGE3qYgFZ2iltrvTQrjD4sjOsBugR4iMd2lD6Wj3pMM0PdVaaXrJEEy/7Za9ijcE/Uv8MSmTMc7b7kcrUjxPIEUumTFN38swKJhGwSX0S63cQGbzbHLT0pQlYIJi+FSfblklorFNj1WKdKh+3yhYYkwvCe1kwrBjfnsD8T+vmWN8GBQizXKElI+C4lxSVHTQEI2EBo6yZwnjWthbKbdVMI62x5Itwf/98l9S36v4XsW/2C9Xj8d1zJENskm2iU8OSJWckXNSI5zck0fyTF6cB+fJeXXeRqMTznhnnfyA8/4FUpyeVw==</latexit> • Attack efficacy metric: • Use WER/CER to measure consistency between adversarial audio’s transcript and corresponding attack target • We compare the averaged WER/CER between ours and Carlini’s • Both audio attack methods have about the same attack efficacy

  15. 15 Perturbation magnitudes comparison: Experiments: • We use Decibel to

    measure the perturbation magnitude: • Smaller value indicates quieter perturbation: • The averaged perturbations of Our’s and Carlini’s are: -30dB v.s. -45dB • We sacrificed some perturbation magnitude in exchange for lower detectability dB(x) = max i 20 log10 xi <latexit sha1_base64="KQeRN2eeXAwcPztFFUhqpvphYPw=">AAACCXicbVDLSsNAFJ3UV62vqEs3g0Wom5IUQTdCqRuXFewDmhAmk0k7dCYJMxNpCdm68VfcuFDErX/gzr9x2mahrQcuHM65l3vv8RNGpbKsb6O0tr6xuVXeruzs7u0fmIdHXRmnApMOjlks+j6ShNGIdBRVjPQTQRD3Gen545uZ33sgQtI4ulfThLgcDSMaUoyUljwTBq3a5BxeQ4ejiZfRPGtYDouHXmZb+cSjuWdWrbo1B1wldkGqoEDbM7+cIMYpJ5HCDEk5sK1EuRkSimJG8oqTSpIgPEZDMtA0QpxIN5t/ksMzrQQwjIWuSMG5+nsiQ1zKKfd1J0dqJJe9mfifN0hVeOVmNEpSRSK8WBSmDKoYzmKBARUEKzbVBGFB9a0Qj5BAWOnwKjoEe/nlVdJt1G2rbt9dVJutIo4yOAGnoAZscAma4Ba0QQdg8AiewSt4M56MF+Pd+Fi0loxi5hj8gfH5A9JQmSk=</latexit> <latexit sha1_base64="KQeRN2eeXAwcPztFFUhqpvphYPw=">AAACCXicbVDLSsNAFJ3UV62vqEs3g0Wom5IUQTdCqRuXFewDmhAmk0k7dCYJMxNpCdm68VfcuFDErX/gzr9x2mahrQcuHM65l3vv8RNGpbKsb6O0tr6xuVXeruzs7u0fmIdHXRmnApMOjlks+j6ShNGIdBRVjPQTQRD3Gen545uZ33sgQtI4ulfThLgcDSMaUoyUljwTBq3a5BxeQ4ejiZfRPGtYDouHXmZb+cSjuWdWrbo1B1wldkGqoEDbM7+cIMYpJ5HCDEk5sK1EuRkSimJG8oqTSpIgPEZDMtA0QpxIN5t/ksMzrQQwjIWuSMG5+nsiQ1zKKfd1J0dqJJe9mfifN0hVeOVmNEpSRSK8WBSmDKoYzmKBARUEKzbVBGFB9a0Qj5BAWOnwKjoEe/nlVdJt1G2rbt9dVJutIo4yOAGnoAZscAma4Ba0QQdg8AiewSt4M56MF+Pd+Fi0loxi5hj8gfH5A9JQmSk=</latexit> <latexit sha1_base64="KQeRN2eeXAwcPztFFUhqpvphYPw=">AAACCXicbVDLSsNAFJ3UV62vqEs3g0Wom5IUQTdCqRuXFewDmhAmk0k7dCYJMxNpCdm68VfcuFDErX/gzr9x2mahrQcuHM65l3vv8RNGpbKsb6O0tr6xuVXeruzs7u0fmIdHXRmnApMOjlks+j6ShNGIdBRVjPQTQRD3Gen545uZ33sgQtI4ulfThLgcDSMaUoyUljwTBq3a5BxeQ4ejiZfRPGtYDouHXmZb+cSjuWdWrbo1B1wldkGqoEDbM7+cIMYpJ5HCDEk5sK1EuRkSimJG8oqTSpIgPEZDMtA0QpxIN5t/ksMzrQQwjIWuSMG5+nsiQ1zKKfd1J0dqJJe9mfifN0hVeOVmNEpSRSK8WBSmDKoYzmKBARUEKzbVBGFB9a0Qj5BAWOnwKjoEe/nlVdJt1G2rbt9dVJutIo4yOAGnoAZscAma4Ba0QQdg8AiewSt4M56MF+Pd+Fi0loxi5hj8gfH5A9JQmSk=</latexit> <latexit sha1_base64="KQeRN2eeXAwcPztFFUhqpvphYPw=">AAACCXicbVDLSsNAFJ3UV62vqEs3g0Wom5IUQTdCqRuXFewDmhAmk0k7dCYJMxNpCdm68VfcuFDErX/gzr9x2mahrQcuHM65l3vv8RNGpbKsb6O0tr6xuVXeruzs7u0fmIdHXRmnApMOjlks+j6ShNGIdBRVjPQTQRD3Gen545uZ33sgQtI4ulfThLgcDSMaUoyUljwTBq3a5BxeQ4ejiZfRPGtYDouHXmZb+cSjuWdWrbo1B1wldkGqoEDbM7+cIMYpJ5HCDEk5sK1EuRkSimJG8oqTSpIgPEZDMtA0QpxIN5t/ksMzrQQwjIWuSMG5+nsiQ1zKKfd1J0dqJJe9mfifN0hVeOVmNEpSRSK8WBSmDKoYzmKBARUEKzbVBGFB9a0Qj5BAWOnwKjoEe/nlVdJt1G2rbt9dVJutIo4yOAGnoAZscAma4Ba0QQdg8AiewSt4M56MF+Pd+Fi0loxi5hj8gfH5A9JQmSk=</latexit>

  16. Conclusion and future work • We explored the role of

    temporal dependency in adversarial audio example s • We proposed a new audio attack that evades the temporal dependency detectio n • Experiments shows the new audio attack’s efficacy and low perturbation magnitude Conclusions Future work • One future work is to incorporate temporal dependency to develop more robustness detection methods Funding • This work was supported by grants from the Department of Energy #DE-NA0003946, Army Research Lab W56KGU-20-C-0002, and National Science Foundation CAREER #1943552

  17. Questions Please email [email protected] Thank You!