Adversarial command detection using parallel Speech Recognition systems

Loading...
Thumbnail Image
Date
2021-10
Authors
Cheng, Peng
Sankar, M. S. Arun
Bagci, Ibrahim Ethem
Roedig, Utz
Journal Title
Journal ISSN
Volume Title
Publisher
Springer
Research Projects
Organizational Units
Journal Issue
Abstract
Personal Voice Assistants (PVAs) such as Apple's Siri, Amazon's Alexa and Google Home are now commonplace. PVAs are susceptible to adversarial commands; an attacker is able to modify an audio signal such that humans do not notice this modification but the Speech Recognition (SR) will recognise a command of the attacker's choice. In this paper we describe a defence method against such adversarial commands. By using a second SR in parallel to the main SR of the PVA it is possible to detect adversarial commands. It is difficult for an attacker to craft an adversarial command that is able to force two different SR into recognising the adversarial command while ensuring inaudibility. We demonstrate the feasibility of this defence mechanism for practical setups. For instance, our evaluation shows that such system can be tuned to detect 50% of adversarial commands while not impacting on normal PVA use.
Description
Keywords
Personal Voice Assistants , PVAs , Speech Recognition , SR , Adversarial commands
Citation
Cheng, P., Sankar M. S., A., Bagci, I. E. and Roedig,U. (2021) 'Adversarial command detection using parallel Speech Recognition systems’, ESORICS 2021, 26th European Symposium on Research in Computer Security, Lecture Notes in Computer Science, 13106, pp. 238-255. doi: 10.1007/978-3-030-95484-0_15