The Art of Deception: Robust Backdoor Attack using Dynamic Stacking of Triggers
This addresses security vulnerabilities in Machine Learning as a Service for users of speech recognition systems, representing an incremental advance in backdoor attack techniques.
The paper tackles the problem of covert backdoor attacks on speech recognition systems by introducing DynamicTrigger, a method that uses dynamic sound triggers like hand claps to corrupt samples indistinguishably, achieving high success rates in attacks while maintaining accuracy on clean data.
The area of Machine Learning as a Service (MLaaS) is experiencing increased implementation due to recent advancements in the AI (Artificial Intelligence) industry. However, this spike has prompted concerns regarding AI defense mechanisms, specifically regarding potential covert attacks from third-party providers that cannot be entirely trusted. Recent research has uncovered that auditory backdoors may use certain modifications as their initiating mechanism. DynamicTrigger is introduced as a methodology for carrying out dynamic backdoor attacks that use cleverly designed tweaks to ensure that corrupted samples are indistinguishable from clean. By utilizing fluctuating signal sampling rates and masking speaker identities through dynamic sound triggers (such as the clapping of hands), it is possible to deceive speech recognition systems (ASR). Our empirical testing demonstrates that DynamicTrigger is both potent and stealthy, achieving impressive success rates during covert attacks while maintaining exceptional accuracy with non-poisoned datasets.