APSEC 2022
Tue 6 - Fri 9 December 2022
Wed 7 Dec 2022 13:00 - 13:20 at Room2 - Machine Learning 1 Chair(s): Syful Islam

Abstract—Automatic speech recognition (ASR) models are used widely in applications for voice navigation and voice control of domestic appliances. ASRs have been misused by attackers to generate malicious outputs by attacking the deep learning component within ASRs. To assess the security and robustness of ASRs, we propose techniques within our framework SPAT that generate blackbox (agnostic to the DNN) adversarial attacks that are portable across ASRs. This is in contrast to existing work that focuses on whitebox attacks that are time-consuming and lack portability.

Our techniques generate adversarial attacks that have no human-audible difference by manipulating the input speech signal using a psychoacoustic model that keeps the audio perturbations below the thresholds of human perception. We propose a framework, SPAT, with three attack generation techniques based on the psychoacoustic concept and frame selection techniques to selectively target the attack. We evaluate the portability and effectiveness of our techniques using three popular ASRs and two input audio datasets, with the following metrics: Word Error Rate (WER) of the output transcription, similarity to the original audio, attack success rate on different ASRs, and detection score by a defense system. We found our adversarial attacks were portable across ASRs, not easily detected by a state-of-the-art defense system, and had significant difference in output transcriptions while sounding similar to the original audio.

Wed 7 Dec

Displayed time zone: Osaka, Sapporo, Tokyo

13:00 - 14:00
Machine Learning 1, Technical Track at Room2
Chair(s): Syful Islam Nara Institute of Science and Technology
Catch Me If You Can: Blackbox Adversarial Attacks on Automatic Speech Recognition using Frequency Masking
Technical Track
Xiaoliang Wu University of Edinburgh, Ajitha Rajan University of Edinburgh
Code Question Answering via Task-Adaptive Sequence-to-Sequence Pre-training
Technical Track
Tingrui Yu School of Software, Shanghai Jiao Tong University, Beijun Shen School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Xiaodong Gu Shanghai Jiao Tong University