AudioFool: Fast, Universal and synchronization-free Cross-Domain Attack on Speech Recognition
This addresses security risks for ASR systems in real-world scenarios, though it is incremental as it builds on existing adversarial attack research.
The authors tackled the vulnerability of Automatic Speech Recognition systems to Over-The-Air adversarial attacks by designing a method to generate attacks that are invariant to synchronization and robust to filtering, enabling Denial-of-Service attacks.
Automatic Speech Recognition systems have been shown to be vulnerable to adversarial attacks that manipulate the command executed on the device. Recent research has focused on exploring methods to create such attacks, however, some issues relating to Over-The-Air (OTA) attacks have not been properly addressed. In our work, we examine the needed properties of robust attacks compatible with the OTA model, and we design a method of generating attacks with arbitrary such desired properties, namely the invariance to synchronization, and the robustness to filtering: this allows a Denial-of-Service (DoS) attack against ASR systems. We achieve these characteristics by constructing attacks in a modified frequency domain through an inverse Fourier transform. We evaluate our method on standard keyword classification tasks and analyze it in OTA, and we analyze the properties of the cross-domain attacks to explain the efficiency of the approach.