Catch Me If You Can: Blackbox Adversarial Attacks on Automatic Speech Recognition using Frequency Masking

Xiaoliang Wu, Ajitha Rajan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Automatic speech recognition (ASR) models are used widely in applications for voice navigation and voice control of domestic appliances. ASRs have been misused by attackers to generate malicious outputs by attacking the deep learning component within ASRs. To assess the security and robustness of ASRs, we propose techniques within our framework SPAT that generate blackbox (agnostic to the DNN) adversarial attacks that are portable across ASRs. This is in contrast to existing work that focuses on whitebox attacks that are time-consuming and lack portability.
Our techniques generate adversarial attacks that have no human audible difference by manipulating the input speech signal using a psychoacoustic model that maintains the audio perturbations below the thresholds of human perception. We propose a framework SPAT with three attack generation techniques based on the psychoacoustic concept and frame selection techniques to selectively target the attack. We evaluate portability and effectiveness of our techniques using three popular ASRs and two input audio datasets using the metrics - Word Error Rate (WER) of output transcription, Similarity to original audio, attack Success Rate on different ASRs and Detection score by a defense system. We found our adversarial attacks were portable across ASRs, not easily detected by a state-of-the-art defense system, and had significant difference in output transcriptions while sounding similar to original audio.
Original language: English
Title of host publication: 2022 29th Asia-Pacific Software Engineering Conference
Publisher: Institute of Electrical and Electronics Engineers
Pages: 169-178
Number of pages: 10
ISBN (Electronic): 9781665455374
ISBN (Print): 9781665455381
Publication status: Published - 16 Feb 2023
Event: 29th Asia-Pacific Software Engineering Conference, 2022 - Online
Duration: 6 Dec 2022 - 9 Dec 2022
Conference number: 29
https://conf.researchr.org/home/apsec-2022

Publication series

Name: Asia-Pacific Software Engineering Conference (APSEC)
Publisher: IEEE
ISSN (Print): 1530-1362
ISSN (Electronic): 2640-0715

Conference

Conference: 29th Asia-Pacific Software Engineering Conference, 2022
Abbreviated title: APSEC 2022
Period: 6/12/22 - 9/12/22

Keywords / Materials (for Non-textual outputs)

  • Automatic Speech Recognition
  • Adversarial Attack
  • Blackbox
  • Frequency Masking
