SirenAttack: Generating Adversarial Audio for End-to-End Acoustic Systems

Tianyu Du, Shouling Ji, Jinfeng Li, Qinchen Gu, Ting Wang, Raheem Beyah

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

Despite their immense popularity, deep learning-based acoustic systems are inherently vulnerable to adversarial attacks, wherein maliciously crafted audios trigger target systems to misbehave. In this paper, we present SirenAttack, a new class of attacks to generate adversarial audios. Compared with existing attacks, SirenAttack highlights with a set of significant features: (i) versatile - it is able to deceive a range of end-to-end acoustic systems under both white-box and black-box settings; (ii) effective - it is able to generate adversarial audios that can be recognized as specific phrases by target acoustic systems; and (iii) stealthy - it is able to generate adversarial audios indistinguishable from their benign counterparts to human perception. We empirically evaluate SirenAttack on a set of state-of-the-art deep learning-based acoustic systems (including speech command recognition, speaker recognition and sound event classification), with results showing the versatility, effectiveness, and stealthiness of SirenAttack. For instance, it achieves 99.45% attack success rate on the IEMOCAP dataset against the ResNet18 model, while the generated adversarial audios are also misinterpreted by multiple popular ASR platforms, including Google Cloud Speech, Microsoft Bing Voice, and IBM Speech-to-Text. We further evaluate three potential defense methods to mitigate such attacks, including adversarial training, audio downsampling, and moving average filtering, which leads to promising directions for further research.

Original languageEnglish (US)
Title of host publicationProceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020
PublisherAssociation for Computing Machinery, Inc
Pages357-369
Number of pages13
ISBN (Electronic)9781450367509
DOIs
StatePublished - Oct 5 2020
Event15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020 - Virtual, Online, Taiwan, Province of China
Duration: Oct 5 2020Oct 9 2020

Publication series

NameProceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020

Conference

Conference15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020
CountryTaiwan, Province of China
CityVirtual, Online
Period10/5/2010/9/20

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'SirenAttack: Generating Adversarial Audio for End-to-End Acoustic Systems'. Together they form a unique fingerprint.

Cite this