DUAP: Dual-task Universal Adversarial Perturbations Against Voice Control Systems
This addresses a security vulnerability in voice-controlled devices by overcoming the limitations of prior single-task attacks, though it is incremental in improving transferability and imperceptibility.
The paper tackles the problem of adversarial attacks on Voice Control Systems by proposing DUAP, a dual-task universal adversarial perturbation that simultaneously disrupts Automatic Speech Recognition and Speaker Recognition, achieving high attack success rates and superior imperceptibility across multiple models.
Modern Voice Control Systems (VCS) rely on the collaboration of Automatic Speech Recognition (ASR) and Speaker Recognition (SR) for secure interaction. However, prior adversarial attacks typically target these tasks in isolation, overlooking the coupled decision pipeline in real-world scenarios. Consequently, single-task attacks often fail to pose a practical threat. To fill this gap, we first utilize gradient analysis to reveal that ASR and SR exhibit no inherent conflicts. Building on this, we propose Dual-task Universal Adversarial Perturbation (DUAP). Specifically, DUAP employs a targeted surrogate objective to effectively disrupt ASR transcription and introduces a Dynamic Normalized Ensemble (DNE) strategy to enhance transferability across diverse SR models. Furthermore, we incorporate psychoacoustic masking to ensure perturbation imperceptibility. Extensive evaluations across five ASR and six SR models demonstrate that DUAP achieves high simultaneous attack success rates and superior imperceptibility, significantly outperforming existing single-task baselines.