Shu Wang (George Mason University), Kun Sun (George Mason University), Qi Li (Tsinghua University)

Automatic speech recognition (ASR) provides diverse audio-to-text services for humans to communicate with machines. However, recent research reveals ASR systems are vulnerable to various malicious audio attacks. In particular, by removing the non-essential frequency components, a new spectrum reduction attack can generate adversarial audios that can be perceived by humans but cannot be correctly interpreted by ASR systems. It raises a new challenge for content moderation solutions to detect harmful content in audio and video available on social media platforms. In this paper, we propose an acoustic compensation system named ACE to counter the spectrum reduction attacks over ASR systems. Our system design is based on two observations, namely, frequency component dependencies and perturbation sensitivity. First, since the Discrete Fourier Transform computation inevitably introduces spectral leakage and aliasing effects to the audio frequency spectrum, the frequency components with similar frequencies will have a high correlation. Thus, considering the intrinsic dependencies between neighboring frequency components, it is possible to recover more of the original audio by compensating for the removed components based on the remaining ones. Second, since the removed components in the spectrum reduction attacks can be regarded as an inverse of adversarial noise, the attack success rate will decrease when the adversarial audio is replayed in an over-the-air scenario. Hence, we can model the acoustic propagation process to add over-the-air perturbations into the attacked audio. We implement a prototype of ACE and the experiments show that ACE can effectively reduce up to 87.9% of ASR inference errors caused by spectrum reduction attacks. Furthermore, by analyzing the residual errors on real audio samples, we summarize six general types of ASR inference errors and investigate the error causes and potential mitigation solutions.

View More Papers

The CURE to Vulnerabilities in RPKI Validation

Donika Mirdita (Technische Universität Darmstadt), Haya Shulman (Goethe-Universität Frankfurt), Niklas Vogel (Goethe-Universität Frankfurt), Michael Waidner (Technische Universität Darmstadt, Fraunhofer SIT)

Read More

Experimental Analyses of the Physical Surveillance Risks in Client-Side...

Ashish Hooda (University of Washington), Andrey Labunets (UC San Diego), Tadayoshi Kohno (University of Washington), Earlence Fernandes (UC San Diego)

Read More

From Interaction to Independence: zkSNARKs for Transparent and Non-Interactive...

Shahriar Ebrahimi (IDEAS-NCBR), Parisa Hassanizadeh (IDEAS-NCBR)

Read More

SigmaDiff: Semantics-Aware Deep Graph Matching for Pseudocode Diffing

Lian Gao (University of California Riverside), Yu Qu (University of California Riverside), Sheng Yu (University of California, Riverside & Deepbits Technology Inc.), Yue Duan (Singapore Management University), Heng Yin (University of California, Riverside & Deepbits Technology Inc.)

Read More