Semi-black-box Attacks Against Speech Recognition Systems Using Adversarial Samples

Yi Wu, Jian Liu, Yingying Chen, Jerry Cheng

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

As automatic speech recognition (ASR) systems have been integrated into a diverse set of devices around us in recent years, their security vulnerabilities have become an increasing concern for the public. Existing studies have demonstrated that deep neural networks (DNNs), acting as the computation core of ASR systems, are vulnerable to deliberately designed adversarial attacks. Based on the gradient descent algorithm, existing studies have successfully generated adversarial samples which can disturb ASR systems and produce adversary-expected transcript texts designed by adversaries. Most of this research simulated white-box attacks, which require knowledge of all the components in the targeted ASR systems. In this work, we propose the first semi-black-box attack against the ASR system Kaldi. Requiring only partial information from Kaldi and none from the DNN, we can embed malicious commands into a single audio clip based on the gradient-independent genetic algorithm. The crafted audio clip could be recognized as the embedded malicious commands by Kaldi while remaining unnoticeable to humans. Experiments show that our attack can achieve a high attack success rate with unnoticeable perturbations to three types of audio clips (pop music, pure music, and human command) without the need for the underlying DNN model parameters and architecture.

Original language: English (US)
Title of host publication: 2019 IEEE International Symposium on Dynamic Spectrum Access Networks, DySPAN 2019
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781728123769
State: Published - Nov 2019
Event: 2019 IEEE International Symposium on Dynamic Spectrum Access Networks, DySPAN 2019 - Newark, United States
Duration: Nov 11 2019 to Nov 14 2019

Publication series

Name: 2019 IEEE International Symposium on Dynamic Spectrum Access Networks, DySPAN 2019

Conference

Conference: 2019 IEEE International Symposium on Dynamic Spectrum Access Networks, DySPAN 2019
Country/Territory: United States
City: Newark
Period: 11/11/19 to 11/14/19

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Keywords

  • Kaldi
  • adversarial samples
  • deep neural network
  • semi-black-box attacks
  • speech recognition
