NUANCE: Near Ultrasound Attack On Networked Communication Environments
- URL: http://arxiv.org/abs/2305.10358v2
- Date: Mon, 22 May 2023 23:32:11 GMT
- Title: NUANCE: Near Ultrasound Attack On Networked Communication Environments
- Authors: Forrest McKee and David Noever
- Abstract summary: This study investigates a primary inaudible attack vector on Amazon Alexa voice services using near ultrasound trojans.
The research maps each attack vector to a tactic or technique from the MITRE ATT&CK matrix.
The experiment involved generating and surveying fifty near-ultrasonic audio samples to assess the attacks' effectiveness.
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: This study investigates a primary inaudible attack vector on Amazon Alexa
voice services using near ultrasound trojans and focuses on characterizing the
attack surface and examining the practical implications of issuing inaudible
voice commands. The research maps each attack vector to a tactic or technique
from the MITRE ATT&CK matrix, covering enterprise, mobile, and Industrial
Control System (ICS) frameworks. The experiment involved generating and
surveying fifty near-ultrasonic audio samples to assess the attacks'
effectiveness: unprocessed commands achieved a 100% success rate, while
processed ones achieved a 58% overall success rate. This systematic approach
illuminates previously unaddressed attack surfaces, supporting comprehensive
detection and attack design while pairing each ATT&CK identifier with a tested
defensive method, providing attack and defense tactics for prompt-response
options. The
main findings reveal that the attack method employs Single Upper Sideband
Amplitude Modulation (SUSBAM) to generate near-ultrasonic audio from audible
sources, transforming spoken commands into a frequency range above adult human
hearing. By eliminating the lower sideband, the design fits the signal into a
6 kHz bandwidth spanning 16-22 kHz while remaining inaudible after
transformation. The research
investigates the one-to-many attack surface where a single device
simultaneously triggers multiple actions or devices. Additionally, the study
demonstrates that the inaudible signal can be demodulated back to audible
speech, suggesting potential alerting methods and the possibility of embedding
hidden messages, as in audio steganography.
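The modulation and its inverse can be illustrated with a short signal-processing sketch. This is a minimal reconstruction from the abstract's description, not the authors' code: the 16 kHz carrier, 48 kHz sample rate, and filter settings are assumptions chosen so that speech band-limited to 6 kHz lands in the stated 16-22 kHz range.

```python
# Minimal sketch of single upper sideband amplitude modulation (SUSBAM) as
# described in the abstract. Carrier, sample rate, and filter order are
# assumptions, not the authors' published parameters.
import numpy as np
from scipy.signal import butter, hilbert, sosfilt

FS = 48_000   # sample rate high enough to carry content up to 22 kHz
FC = 16_000   # carrier: shifts 0-6 kHz speech into the 16-22 kHz band

_LOWPASS = butter(8, 6_000, btype="low", fs=FS, output="sos")

def susbam_modulate(speech: np.ndarray) -> np.ndarray:
    """Shift audible speech into the near-ultrasound band, upper sideband only."""
    baseband = sosfilt(_LOWPASS, speech)   # band-limit speech to 6 kHz
    analytic = hilbert(baseband)           # analytic signal: no negative frequencies
    t = np.arange(len(baseband)) / FS
    # Re{a(t) * exp(j*2*pi*fc*t)} keeps only the upper sideband (fc .. fc + 6 kHz).
    return np.real(analytic * np.exp(2j * np.pi * FC * t))

def susbam_demodulate(ultrasound: np.ndarray) -> np.ndarray:
    """Mix the inaudible band back down to audible baseband speech."""
    t = np.arange(len(ultrasound)) / FS
    mixed = ultrasound * np.cos(2 * np.pi * FC * t)   # coherent downconversion
    return 2.0 * sosfilt(_LOWPASS, mixed)             # discard the 2*fc image
```

Because the transform is invertible, a defender could run the demodulation path on raw microphone input and alert whenever intelligible speech emerges from the 16-22 kHz band, which is the alerting idea the abstract suggests.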
Related papers
- Hidden in Plain Sound: Environmental Backdoor Poisoning Attacks on Whisper, and Mitigations (arXiv, 2024-09-19)
  We propose a new poisoning approach that maps different environmental trigger sounds to target phrases of different lengths.
  We test our approach on Whisper, one of the most popular transformer-based SR models, showing that it is highly vulnerable to our attack.
  To mitigate the attack proposed in this paper, we investigate the use of Silero VAD, a state-of-the-art voice activity detection (VAD) model, as a defence mechanism; a gating sketch using its published interface follows.
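As a rough illustration of that defence idea (not the paper's exact pipeline), Silero VAD's torch.hub interface can gate the recognizer's input so that non-speech trigger sounds never reach it; the input file name below is hypothetical.

```python
# Sketch: drop non-speech audio before it reaches the speech recognizer.
import torch

model, utils = torch.hub.load("snakers4/silero-vad", "silero_vad")
get_speech_timestamps, _, read_audio, _, collect_chunks = utils

wav = read_audio("incoming.wav", sampling_rate=16000)              # hypothetical input
speech_ts = get_speech_timestamps(wav, model, sampling_rate=16000)
speech_only = collect_chunks(speech_ts, wav)   # non-speech regions removed
# speech_only, rather than the raw waveform, would then be fed to Whisper,
# so environmental trigger sounds are dropped before transcription.
```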
- Towards Evaluating the Robustness of Automatic Speech Recognition Systems via Audio Style Transfer (arXiv, 2024-05-15)
  We propose an attack on Automatic Speech Recognition (ASR) systems based on user-customized style transfer.
  Our method can meet the need for user-customized styles and achieves an attack success rate of 82%.
- Towards Stealthy Backdoor Attacks against Speech Recognition via Elements of Sound (arXiv, 2023-07-17)
  Deep neural networks (DNNs) have been widely and successfully adopted and deployed in various speech recognition applications.
  In this paper, we revisit poison-only backdoor attacks against speech recognition.
  We exploit elements of sound (e.g., pitch and timbre) to design more stealthy yet effective poison-only backdoor attacks; a toy trigger is sketched below.
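As a toy illustration of a sound-element trigger (the paper's actual trigger design is more sophisticated), a pitch shift can be applied to poison samples; the file name and shift amount are arbitrary.

```python
# Toy pitch-shift trigger for a poison-only backdoor; illustration only.
import librosa

y, sr = librosa.load("clean_utterance.wav", sr=16000)         # hypothetical file
poisoned = librosa.effects.pitch_shift(y, sr=sr, n_steps=4)   # up 4 semitones
# A poison-only attack would pair such samples with the attacker's target label
# in the training set, leaving the rest of the data untouched.
```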
- Push-Pull: Characterizing the Adversarial Robustness for Audio-Visual Active Speaker Detection (arXiv, 2022-10-03)
  We reveal the vulnerability of audio-visual active speaker detection (AVASD) models under audio-only, visual-only, and audio-visual adversarial attacks.
  We also propose a novel audio-visual interaction loss (AVIL) that makes it difficult for attackers to find feasible adversarial examples.
- On the Detection of Adaptive Adversarial Attacks in Speaker Verification Systems (arXiv, 2022-02-11)
  Adversarial attacks such as FAKEBOB can work effectively against speaker verification systems.
  The goal of this paper is to design a detector that can distinguish an original audio clip from one contaminated by adversarial attacks.
  We show that our proposed detector is easy to implement, fast at processing an input audio clip, and effective in determining whether an audio clip is corrupted by FAKEBOB attacks.
- Spotting adversarial samples for speaker verification by neural vocoders (arXiv, 2021-07-01)
  We adopt neural vocoders to spot adversarial samples for automatic speaker verification (ASV).
  We find that the difference between the ASV scores for the original and re-synthesized audio is a good indicator for discriminating between genuine and adversarial samples; a sketch of this statistic follows.
  Our code will be made open source for future work to compare against.
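The discrimination statistic can be written in a few lines; `asv_score` and `revocode` below are hypothetical stand-ins for the ASV system and the neural vocoder, and the threshold would be calibrated on genuine audio.

```python
import numpy as np

def is_adversarial(audio: np.ndarray, asv_score, revocode, threshold: float) -> bool:
    """Flag inputs whose ASV score shifts sharply after vocoder re-synthesis."""
    return abs(asv_score(audio) - asv_score(revocode(audio))) > threshold
```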
- Improving the Adversarial Robustness for Speaker Verification by Self-Supervised Learning (arXiv, 2021-06-01)
  This work is among the first to perform adversarial defense for ASV without knowing the specific attack algorithms.
  We propose to perform adversarial defense from two perspectives: 1) adversarial perturbation purification and 2) adversarial perturbation detection.
  Experimental results show that our detection module effectively shields the ASV by detecting adversarial samples with an accuracy of around 80%.
- Speech Enhancement for Wake-Up-Word detection in Voice Assistants (arXiv, 2021-01-29)
  Keyword spotting, and in particular Wake-Up-Word (WUW) detection, is a very important task for voice assistants.
  This paper proposes a Speech Enhancement model adapted to the task of WUW detection.
  It aims at increasing the recognition rate and reducing false alarms in the presence of these noise types.
- WaveTransform: Crafting Adversarial Examples via Input Decomposition (arXiv, 2020-10-29)
  We introduce 'WaveTransform', which creates adversarial noise corresponding to low-frequency and high-frequency subbands, separately or in combination; see the subband sketch below.
  Experiments show that the proposed attack is effective against the defense algorithm and is also transferable across CNNs.
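In the same spirit, subband-wise perturbation can be sketched on a 1-D signal with a one-level wavelet decomposition; the epsilon and wavelet choice are arbitrary, and the actual attack optimizes the perturbation rather than drawing it at random.

```python
# Rough sketch of subband-wise perturbation; illustration only.
import numpy as np
import pywt

def perturb_subbands(x: np.ndarray, eps: float = 0.01, high_only: bool = True) -> np.ndarray:
    approx, detail = pywt.dwt(x, "db4")    # low- / high-frequency subbands
    detail = detail + eps * np.random.randn(*detail.shape)
    if not high_only:
        approx = approx + eps * np.random.randn(*approx.shape)
    return pywt.idwt(approx, detail, "db4")   # reassemble the perturbed input
```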
- Class-Conditional Defense GAN Against End-to-End Speech Attacks (arXiv, 2020-10-22)
  We propose a novel approach against end-to-end adversarial attacks developed to fool advanced speech-to-text systems such as DeepSpeech and Lingvo.
  Unlike conventional defense approaches, the proposed approach does not directly employ low-level transformations such as autoencoding a given input signal.
  Our defense-GAN considerably outperforms conventional defense algorithms in terms of word error rate and sentence-level recognition accuracy.
- Detecting Audio Attacks on ASR Systems with Dropout Uncertainty (arXiv, 2020-06-02)
  We show that our defense is able to detect attacks created through optimized perturbations and frequency masking.
  We test our defense on Mozilla's CommonVoice dataset, the UrbanSound dataset, and an excerpt of the LibriSpeech dataset; a minimal uncertainty-scoring sketch follows.
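The underlying mechanism can be sketched as Monte Carlo dropout at inference time: run the model several times with dropout active and flag inputs whose outputs disagree. `model` below is a hypothetical PyTorch ASR network containing dropout layers.

```python
import torch

def dropout_uncertainty(model: torch.nn.Module, audio: torch.Tensor, runs: int = 20) -> float:
    model.train()   # keep dropout stochastic at inference time
    with torch.no_grad():
        outs = torch.stack([model(audio) for _ in range(runs)])
    return outs.var(dim=0).mean().item()   # high variance suggests a crafted input

# An input is flagged when this score exceeds a threshold calibrated on clean data.
```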