skip to main content
10.1145/3468218.3469048acmconferencesArticle/Chapter ViewAbstractPublication PageswisecConference Proceedingsconference-collections
short-paper

Inaudible Manipulation of Voice-Enabled Devices Through BackDoor Using Robust Adversarial Audio Attacks: Invited Paper

Published: 28 June 2021 Publication History

Abstract

The BackDoor system provides a method for inaudibly transmitting messages that are recorded by unmodified receiver microphones as if they were transmitted audibly. Adversarial Audio attacks allow for an audio sample to sound like one message but be transcribed by a speech processing neural network as a different message. This study investigates the potential applications of Adversarial Audio through the BackDoor system to manipulate voice-enabled devices, or VEDs, without detection by humans or other nearby microphones. We discreetly transmit voice commands by applying robust, noise-resistant adversarial audio perturbations through BackDoor on top of a predetermined speech or music base sample to achieve a desired target transcription. Our analysis compares differing base carriers, target phrases, and perturbation strengths for maximal effectiveness through BackDoor. We determined that such an attack is feasible and that the desired adversarial properties of the audio sample are maintained even when transmitted through BackDoor.

References

[1]
Nicholas Carlini and David A. Wagner. 2018. Audio Adversarial Examples: Targeted Attacks on Speech-to-Text. CoRR abs/1801.01944 (2018). arXiv:1801.01944 http://arxiv.org/abs/1801.01944
[2]
S. Square Enterprise Company Limited Pro-Wave Electronics Corporation. 2019. Air Ultrasonic Ceramic Transducers 400ST/R160. Retrieved May 8, 2020 from http://www.farnell.com/datasheets/1686089.pdf?_ga=2.256607115.1881374495.1588917674-2094016181.1588917674
[3]
National Instruments. 2019. NI myDAQ Device Specifications. Retrieved May 8, 2020 from https://www.ni.com/pdf/manuals/373061g.pdf
[4]
Silvija Kokalj-Filipovic, Morriel Kasher, Michael Zhao, and Predrag Spasojevic. 2020. Detecting Acoustic Backdoor Transmission of Inaudible Messages Using Deep Learning. In Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning (Linz, Austria) (WiseML '20). Association for Computing Machinery, New York, NY, USA, 80--85. https://doi.org/10.1145/3395352.3402629
[5]
Test Equipment Solutions Ltd. 2019. Arbitrary/Function Generators. Retrieved May 8, 2020 from http://www.testequipmenthq.com/datasheets/TEKTRONIX-AFG3021-Datasheet.pdf
[6]
Yao Qin, Nicholas Carlini, Ian Goodfellow, Garrison Cottrell, and Colin Raffel. 2019. Imperceptible, Robust, and Targeted Adversarial Examples for Automatic Speech Recognition. arXiv:1903.10346 [eess.AS]
[7]
Nirupam Roy, Haitham Hassanieh, and Roy Romit Choudhury. 2017. BackDoor: Making Microphones Hear Inaudible Sounds. MobiSys, Article 5 (June 2017). https://doi.org/10.1145/3081333.3081366
[8]
Liwei Song and Prateek Mittal. 2017. POSTER: Inaudible Voice Commands. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (Dallas, Texas, USA) (CCS '17). Association for Computing Machinery, New York, NY, USA, 2583--2585. https://doi.org/10.1145/3133956.3138836
[9]
Hiromu Yakura and Jun Sakuma. 2018. Robust Audio Adversarial Example for a Physical Attack. CoRR abs/1810.11793 (2018). arXiv:1810.11793 http://arxiv.org/abs/1810.11793
[10]
Yuan, Xuejing et al. 2018. Commandersong: A Systematic Approach for Practical Adversarial Voice Recognition. In the 27th USENIX Conf. on Security.
[11]
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, and Wenyuan Xu. 2017. DolphinAttack: Inaudible Voice Commands. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (Dallas, Texas, USA) (CCS '17). Association for Computing Machinery, New York, NY, USA, 103--117. https://doi.org/10.1145/3133956.3134052

Cited By

View all
  • (2023)The Silent Manipulator: A Practical and Inaudible Backdoor Attack against Speech Recognition SystemsProceedings of the 31st ACM International Conference on Multimedia10.1145/3581783.3613843(7849-7858)Online publication date: 26-Oct-2023
  • (2023)Security and privacy problems in voice assistant applicationsComputers and Security10.1016/j.cose.2023.103448134:COnline publication date: 1-Nov-2023

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
WiseML '21: Proceedings of the 3rd ACM Workshop on Wireless Security and Machine Learning
June 2021
104 pages
ISBN:9781450385619
DOI:10.1145/3468218
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 June 2021

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. BackDoor channel
  2. adversarial audio
  3. inaudible voice commands
  4. neural networks
  5. ultrasonic acoustics

Qualifiers

  • Short-paper
  • Research
  • Refereed limited

Conference

WiSec '21

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)16
  • Downloads (Last 6 weeks)0
Reflects downloads up to 13 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2023)The Silent Manipulator: A Practical and Inaudible Backdoor Attack against Speech Recognition SystemsProceedings of the 31st ACM International Conference on Multimedia10.1145/3581783.3613843(7849-7858)Online publication date: 26-Oct-2023
  • (2023)Security and privacy problems in voice assistant applicationsComputers and Security10.1016/j.cose.2023.103448134:COnline publication date: 1-Nov-2023

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media