Inaudible Manipulation of Voice-Enabled Devices Through BackDoor Using Robust Adversarial Audio Attacks: Invited Paper

Proceedings of the 3rd ACM Workshop on Wireless Security and Machine Learning Pub Date : 2021-06-28 DOI:10.1145/3468218.3469048

Morriel Kasher, Michael Zhao, Aryeh Greenberg, Devin Gulati, S. Kokalj-Filipovic, P. Spasojevic

{"title":"Inaudible Manipulation of Voice-Enabled Devices Through BackDoor Using Robust Adversarial Audio Attacks: Invited Paper","authors":"Morriel Kasher, Michael Zhao, Aryeh Greenberg, Devin Gulati, S. Kokalj-Filipovic, P. Spasojevic","doi":"10.1145/3468218.3469048","DOIUrl":null,"url":null,"abstract":"The BackDoor system provides a method for inaudibly transmitting messages that are recorded by unmodified receiver microphones as if they were transmitted audibly. Adversarial Audio attacks allow for an audio sample to sound like one message but be transcribed by a speech processing neural network as a different message. This study investigates the potential applications of Adversarial Audio through the BackDoor system to manipulate voice-enabled devices, or VEDs, without detection by humans or other nearby microphones. We discreetly transmit voice commands by applying robust, noise-resistant adversarial audio perturbations through BackDoor on top of a predetermined speech or music base sample to achieve a desired target transcription. Our analysis compares differing base carriers, target phrases, and perturbation strengths for maximal effectiveness through BackDoor. We determined that such an attack is feasible and that the desired adversarial properties of the audio sample are maintained even when transmitted through BackDoor.","PeriodicalId":318719,"journal":{"name":"Proceedings of the 3rd ACM Workshop on Wireless Security and Machine Learning","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 3rd ACM Workshop on Wireless Security and Machine Learning","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3468218.3469048","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

The BackDoor system provides a method for inaudibly transmitting messages that are recorded by unmodified receiver microphones as if they were transmitted audibly. Adversarial Audio attacks allow for an audio sample to sound like one message but be transcribed by a speech processing neural network as a different message. This study investigates the potential applications of Adversarial Audio through the BackDoor system to manipulate voice-enabled devices, or VEDs, without detection by humans or other nearby microphones. We discreetly transmit voice commands by applying robust, noise-resistant adversarial audio perturbations through BackDoor on top of a predetermined speech or music base sample to achieve a desired target transcription. Our analysis compares differing base carriers, target phrases, and perturbation strengths for maximal effectiveness through BackDoor. We determined that such an attack is feasible and that the desired adversarial properties of the audio sample are maintained even when transmitted through BackDoor.

查看原文本刊更多论文

使用稳健的对抗性音频攻击通过后门操纵语音设备:邀请论文

该后门系统提供了一种隐形传输消息的方法，所述消息由未修改的接收器麦克风记录，就好像它们是隐形传输一样。对抗性音频攻击允许音频样本听起来像一个信息，但被语音处理神经网络转录为不同的信息。本研究调查了对抗性音频的潜在应用，通过后门系统操纵语音设备，或ved，而不被人类或其他附近的麦克风检测到。我们通过后门在预定的语音或音乐基础样本上应用鲁棒、抗噪声的对抗性音频扰动来谨慎地传输语音命令，以实现所需的目标转录。我们的分析比较了不同的基础载体、目标短语和扰动强度，以通过后门获得最大的有效性。我们确定这样的攻击是可行的，并且即使通过后门传输音频样本也保持了所需的对抗性属性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 3rd ACM Workshop on Wireless Security and Machine Learning

自引率

0.00%

发文量