ALIF: Low-cost Adversarial Audio Attacks On Black-box Speech Platforms Using Linguistic Features
2024 Β· Peng Cheng, Yuwei Wang, Peng Huang, et al.
Abstract
Extensive research has revealed that adversarial examples (AE) pose a significant threat to voice-controllable smart devices. Recent studies have proposed black-box adversarial attacks that require only the final transcription from an automatic speech recognition (ASR) system. However, these attacks typically involve many queries to the ASR, resulting in substantial costs. Moreover, AE-based adversarial audio samples are susceptible to ASR updates. In this paper, we identify the root cause of these limitations, namely the inability to construct AE attack samples directly around the decision boundary of deep learning (DL) models. Building on this observation, we propose ALIF, the first black-box adversarial linguistic feature-based attack pipeline. We leverage the reciprocal process of text-to-speech (TTS) and ASR models to generate perturbations in the linguistic embedding space where the decision boundary resides. Based on the ALIF pipeline, we present the ALIF-OTL and ALIF-OTA scheme
Authors
(none)
Tags
Stats
Related papers
- Targeted Adversarial Examples For Black Box Audio Systems (2018)15.75
- Zero-query Adversarial Attack On Black-box Automatic Speech Recognition Systems (2024)8.60
- Advwave: Stealthy Adversarial Jailbreak Attack Against Large Audio-language Models (2024)0.00
- Malafide: A Novel Adversarial Convolutive Noise Attack Against Deepfake And Spoofing Detection Systems (2023)7.50
- SA: Sliding Attack For Synthetic Speech Detection With Resistance To Clipping And Self-splicing (2022)0.00
- Inaudible Adversarial Perturbations For Targeted Attack In Speaker Recognition (2020)12.33
- Adversarial Attacks Against Automatic Speech Recognition Systems Via Psychoacoustic Hiding (2018)16.45
- Distriblock: Identifying Adversarial Audio Samples By Leveraging Characteristics Of The Output Distribution (2023)0.00