TY - GEN
T1 - UTIO
T2 - 2022 IEEE 28<sup>th</sup> International Conference on Parallel and Distributed Systems
AU - Zhao, Cui
AU - Li, Zhenjiang
AU - Ding, Han
AU - Xi, Wei
N1 - Full text of this publication does not contain sufficient affiliation information. With consent from the author(s) concerned, the Research Unit(s) information for this record is based on the existing academic department affiliation of the author(s).
PY - 2023
Y1 - 2023
N2 - The audio adversarial example has been demonstrated to be an effective attack which leads to prediction errors of the intelligent voice control system (e.g., deep neural network based speech recognition service), despite resembling a valid input to our human beings. An ideal adversarial example attack should have four major advantages, including 1) utilizing a universal adversarial perturbation against arbitrary voice commands, 2) tricking a model to get an incorrect and targeted result, 3) imperceptible to users even in a silent place and 4) validating in an over-the-air (OTA) scenario as well. However, existing studies mainly involve several but not all of these criteria. In this paper, we propose UTIO, a universal, targeted, imperceptible and OTA audio adversarial example design, which leverages one perturbation to fool a speech recognition model in OTA scenarios. Moreover, a variety of speeches can be misled to a targeted threat command imperceptibly. To harvest such benefits, we leverage two targeted loss functions to generate adversarial perturbations, and employ the psychoacoustic principle to further conceal the attack. Finally, we actively embed additional distortions, occurred during the physical propagation, in the process of perturbation generation to make UTIO still valid in an OTA scenario. Extensive experiments show that UTIO can perform 94.15% success attack rate locally, i.e., without physical propagation, while retaining 93.44% attack rate in an OTA scenario. In addition, three types of defensive strategies are also introduced to resist against our attack. © 2023 IEEE.
AB - The audio adversarial example has been demonstrated to be an effective attack which leads to prediction errors of the intelligent voice control system (e.g., deep neural network based speech recognition service), despite resembling a valid input to our human beings. An ideal adversarial example attack should have four major advantages, including 1) utilizing a universal adversarial perturbation against arbitrary voice commands, 2) tricking a model to get an incorrect and targeted result, 3) imperceptible to users even in a silent place and 4) validating in an over-the-air (OTA) scenario as well. However, existing studies mainly involve several but not all of these criteria. In this paper, we propose UTIO, a universal, targeted, imperceptible and OTA audio adversarial example design, which leverages one perturbation to fool a speech recognition model in OTA scenarios. Moreover, a variety of speeches can be misled to a targeted threat command imperceptibly. To harvest such benefits, we leverage two targeted loss functions to generate adversarial perturbations, and employ the psychoacoustic principle to further conceal the attack. Finally, we actively embed additional distortions, occurred during the physical propagation, in the process of perturbation generation to make UTIO still valid in an OTA scenario. Extensive experiments show that UTIO can perform 94.15% success attack rate locally, i.e., without physical propagation, while retaining 93.44% attack rate in an OTA scenario. In addition, three types of defensive strategies are also introduced to resist against our attack. © 2023 IEEE.
KW - Adversarial Example
KW - Machine Learning
KW - Speech Recognition
KW - Voice control systems
UR - http://www.scopus.com/inward/record.url?scp=85152925921&partnerID=8YFLogxK
UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85152925921&origin=recordpage
U2 - 10.1109/ICPADS56603.2022.00052
DO - 10.1109/ICPADS56603.2022.00052
M3 - RGC 32 - Refereed conference paper (with host publication)
T3 - Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS
SP - 346
EP - 353
BT - Proceedings - 2022 IEEE 28th International Conference on Parallel and Distributed Systems (ICPADS 2022)
PB - IEEE
Y2 - 10 January 2023 through 12 January 2023
ER -