TY - GEN
T1 - Inaudible Manipulation of Voice-Enabled Devices through BackDoor Using Robust Adversarial Audio Attacks
T2 - 3rd ACM Workshop on Wireless Security and Machine Learning, WiseML 2021
AU - Kasher, Morriel
AU - Zhao, Michael
AU - Greenberg, Aryeh
AU - Gulati, Devin
AU - Kokalj-Filipovic, Silvija
AU - Spasojevic, Predrag
N1 - Publisher Copyright:
© 2021 ACM.
PY - 2021/6/28
Y1 - 2021/6/28
N2 - The BackDoor system provides a method for inaudibly transmitting messages that are recorded by unmodified receiver microphones as if they were transmitted audibly. Adversarial Audio attacks allow an audio sample to sound like one message while being transcribed by a speech-processing neural network as a different message. This study investigates the potential applications of Adversarial Audio through the BackDoor system to manipulate voice-enabled devices, or VEDs, without detection by humans or other nearby microphones. We discreetly transmit voice commands by applying robust, noise-resistant adversarial audio perturbations through BackDoor on top of a predetermined speech or music base sample to achieve a desired target transcription. Our analysis compares different base carriers, target phrases, and perturbation strengths for maximal effectiveness through BackDoor. We determine that such an attack is feasible and that the desired adversarial properties of the audio sample are maintained even when transmitted through BackDoor.
AB - The BackDoor system provides a method for inaudibly transmitting messages that are recorded by unmodified receiver microphones as if they were transmitted audibly. Adversarial Audio attacks allow an audio sample to sound like one message while being transcribed by a speech-processing neural network as a different message. This study investigates the potential applications of Adversarial Audio through the BackDoor system to manipulate voice-enabled devices, or VEDs, without detection by humans or other nearby microphones. We discreetly transmit voice commands by applying robust, noise-resistant adversarial audio perturbations through BackDoor on top of a predetermined speech or music base sample to achieve a desired target transcription. Our analysis compares different base carriers, target phrases, and perturbation strengths for maximal effectiveness through BackDoor. We determine that such an attack is feasible and that the desired adversarial properties of the audio sample are maintained even when transmitted through BackDoor.
UR - http://www.scopus.com/inward/record.url?scp=85118783441&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85118783441&partnerID=8YFLogxK
U2 - 10.1145/3468218.3469048
DO - 10.1145/3468218.3469048
M3 - Conference contribution
AN - SCOPUS:85118783441
T3 - WiseML 2021 - Proceedings of the 3rd ACM Workshop on Wireless Security and Machine Learning
SP - 37
EP - 42
BT - WiseML 2021 - Proceedings of the 3rd ACM Workshop on Wireless Security and Machine Learning
PB - Association for Computing Machinery, Inc
Y2 - 2 July 2021
ER -