Adversarial training to prevent wake word jamming in Personal Voice Assistants

Thumbnail Image
Files
Date
2024-05
Authors
Sagi, Prathyusha
Sankar, Arun
Roedig, Utz
Journal Title
Journal ISSN
Volume Title
Publisher
Institute of Electrical and Electronics Engineers (IEEE)
Published Version
10.1109/DCOSS-IoT61029.2024.00018
Research Projects
Organizational Units
Journal Issue
Abstract
Wake word detection algorithms in Personal Voice Assistants (PVAs) are not designed to handle acoustic Denial of Service (DoS) attacks. We show that adversarial training can be used to improve the resilience of wake word detection against jamming attacks. We demonstrate that the inclusion of jammed wake word samples (adversarial samples) in the training phase of a wake word detection algorithm can defeat jamming attacks. The careful selection of the jamming signal type used during training ensures that wake word recognition is also resilient against jamming signals unknown during training; defeating a priori unknown jamming signal types is possible. We optimize the adversarial training effort by identifying areas of the wake word that are highly susceptible to acoustic interference, which guides our generation of adversarial training samples. We demonstrate the success of the proposed approach using a variety of wake words and two different wake word detection algorithms.
Description
Keywords
Personal Voice Assistant (PVA) , Wake word detection , Acoustic jamming , Adversarial training
Citation
Sagi, P., Sankar, A. and Roedig, U. (2024) 'Adversarial training to prevent wake word jamming in Personal Voice Assistants', 20th International Conference on Distributed Computing in Smart Systems and the Internet of Things (DCOSS-IoT 2024), Abu Dhabi, United Arab Emirates, 29 April - 1 May 2024. https://doi.org/10.1109/DCOSS-IoT61029.2024.00018
Link to publisher’s version
URI
https://hdl.handle.net/10468/15924
Collections
Computer Science - Conference Items
Copyright
© 2024, IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.