Tubes Among Us: Analog Attack on Automatic Speaker Identification
- URL: http://arxiv.org/abs/2202.02751v2
- Date: Sat, 27 May 2023 21:51:00 GMT
- Title: Tubes Among Us: Analog Attack on Automatic Speaker Identification
- Authors: Shimaa Ahmed, Yash Wani, Ali Shahin Shamsabadi, Mohammad Yaghini, Ilia Shumailov, Nicolas Papernot, Kassem Fawaz
- Abstract summary: We show that a human is capable of producing analog adversarial examples directly with little cost and supervision.
Our findings extend to a range of other acoustic-biometric tasks such as liveness detection, bringing into question their use in security-critical settings in real life.
- Score: 37.42266692664095
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Recent years have seen a surge in the popularity of acoustics-enabled
personal devices powered by machine learning. Yet, machine learning has proven
to be vulnerable to adversarial examples. A large number of modern systems
protect themselves against such attacks by targeting artificiality, i.e., they
deploy mechanisms to detect the lack of human involvement in generating the
adversarial examples. However, these defenses implicitly assume that humans are
incapable of producing meaningful and targeted adversarial examples. In this
paper, we show that this base assumption is wrong. In particular, we
demonstrate that for tasks like speaker identification, a human is capable of
producing analog adversarial examples directly with little cost and
supervision: by simply speaking through a tube, an adversary reliably
impersonates other speakers in the eyes of ML models for speaker identification.
Our findings extend to a range of other acoustic-biometric tasks such as
liveness detection, bringing into question their use in security-critical
settings in real life, such as phone banking.
Related papers
- The defender's perspective on automatic speaker verification: An overview [87.83259209657292]
The reliability of automatic speaker verification (ASV) has been undermined by the emergence of spoofing attacks.
The aim of this paper is to provide a thorough and systematic overview of the defense methods used against these types of attacks.
arXiv Detail & Related papers (2023-05-22T08:01:59Z)
- Deepfake audio detection by speaker verification [79.99653758293277]
We propose a new detection approach that leverages only the biometric characteristics of the speaker, with no reference to specific manipulations.
The proposed approach can be implemented based on off-the-shelf speaker verification tools.
We test several such solutions on three popular test sets, obtaining good performance, high generalization ability, and high robustness to audio impairment.
arXiv Detail & Related papers (2022-09-28T13:46:29Z)
- Fact-Saboteurs: A Taxonomy of Evidence Manipulation Attacks against Fact-Verification Systems [80.3811072650087]
We show that it is possible to subtly modify claim-salient snippets in the evidence and generate diverse and claim-aligned evidence.
The attacks are also robust against post-hoc modifications of the claim.
These attacks can have harmful implications on the inspectable and human-in-the-loop usage scenarios.
arXiv Detail & Related papers (2022-09-07T13:39:24Z)
- Illusory Attacks: Information-Theoretic Detectability Matters in Adversarial Attacks [76.35478518372692]
We introduce epsilon-illusory, a novel form of adversarial attack on sequential decision-makers.
Compared to existing attacks, we empirically find epsilon-illusory to be significantly harder to detect with automated methods.
Our findings suggest the need for better anomaly detectors, as well as effective hardware- and system-level defenses.
arXiv Detail & Related papers (2022-07-20T19:49:09Z)
- On the Exploitability of Audio Machine Learning Pipelines to Surreptitious Adversarial Examples [19.433014444284595]
We introduce surreptitious adversarial examples, a new class of attacks that evades both human and pipeline controls.
We show that this attack produces audio samples that are more surreptitious than previous attacks that aim solely for imperceptibility.
arXiv Detail & Related papers (2021-08-03T16:21:08Z)
- Dompteur: Taming Audio Adversarial Examples [28.54699912239861]
Adversarial examples allow attackers to arbitrarily manipulate machine learning systems.
In this paper we propose a different perspective: We accept the presence of adversarial examples against ASR systems, but we require them to be perceivable by human listeners.
By applying the principles of psychoacoustics, we can remove semantically irrelevant information from the ASR input and train a model that resembles human perception more closely.
arXiv Detail & Related papers (2021-02-10T13:53:32Z)
- Backdoor Attack against Speaker Verification [86.43395230456339]
We show that it is possible to inject the hidden backdoor for infecting speaker verification models by poisoning the training data.
We also demonstrate that existing backdoor attacks cannot be directly adopted in attacking speaker verification.
arXiv Detail & Related papers (2020-10-22T11:10:08Z)
- Adversarial Attacks on Deep Learning Systems for User Identification based on Motion Sensors [24.182791316595576]
This study focuses on deep learning methods for explicit authentication based on motion sensor signals.
In this scenario, attackers could craft adversarial examples with the aim of gaining unauthorized access.
To our knowledge, this is the first study that aims at quantifying the impact of adversarial attacks on machine learning models.
arXiv Detail & Related papers (2020-09-02T14:35:05Z)
- Adversarial Attack and Defense Strategies for Deep Speaker Recognition Systems [44.305353565981015]
This paper considers several state-of-the-art adversarial attacks to a deep speaker recognition system, employing strong defense methods as countermeasures.
Experiments show that the speaker recognition systems are vulnerable to adversarial attacks, and the strongest attacks can reduce the accuracy of the system from 94% to even 0%.
arXiv Detail & Related papers (2020-08-18T00:58:19Z)
- SoK: The Faults in our ASRs: An Overview of Attacks against Automatic Speech Recognition and Speaker Identification Systems [28.635467696564703]
We show that the end-to-end architecture of speech and speaker systems makes attacks and defenses against them substantially different than those in the image space.
We then demonstrate experimentally that attacks against these models almost universally fail to transfer.
arXiv Detail & Related papers (2020-07-13T18:52:25Z)
This list is automatically generated from the titles and abstracts of the papers in this site.