Rui Duan (University of South Florida), Zhe Qu (Central South University), Leah Ding (American University), Yao Liu (University of South Florida), Zhuo Lu (University of South Florida)

Audio adversarial examples (AEs) have posed significant security challenges to real-world speaker recognition systems. Most black-box attacks still require certain information from the speaker recognition model to be effective (e.g., keeping probing and requiring the knowledge of similarity scores). This work aims to push the practicality of the black-box attacks by minimizing the attacker's knowledge about a target speaker recognition model. Although it is not feasible for an attacker to succeed with completely zero knowledge, we assume that the attacker only knows a short (or a few seconds) speech sample of a target speaker. Without any probing to gain further knowledge about the target model, we propose a new mechanism, called parrot training, to generate AEs against the target model. Motivated by recent advancements in voice conversion, we propose to use the one short sentence knowledge to generate more synthetic speech samples that sound like the target speaker, called parrot speech. Then, we use these parrot speech samples to train a parrot-trained (PT) surrogate model for the attacker. Under a joint transferability and perception framework, we investigate different ways to generate AEs on the PT model (called PT-AEs) to ensure the PT-AEs can be generated with high transferability to a black-box target model with good human perceptual quality. Real-world experiments show that the resultant PT-AEs achieve the attack success rates of 45.8%-80.8% against the open-source models in the digital-line scenario and 47.9%-58.3% against smart devices, including Apple HomePod (Siri), Amazon Echo, and Google Home, in the over-the-air scenario.

View More Papers

Towards Automated Regulation Analysis for Effective Privacy Compliance

Sunil Manandhar (IBM T.J. Watson Research Center), Kapil Singh (IBM T.J. Watson Research Center), Adwait Nadkarni (William & Mary)

Read More

Abusing the Ethereum Smart Contract Verification Services for Fun...

Pengxiang Ma (Huazhong University of Science and Technology), Ningyu He (Peking University), Yuhua Huang (Huazhong University of Science and Technology), Haoyu Wang (Huazhong University of Science and Technology), Xiapu Luo (The Hong Kong Polytechnic University)

Read More

MASTERKEY: Automated Jailbreaking of Large Language Model Chatbots

Gelei Deng (Nanyang Technological University), Yi Liu (Nanyang Technological University), Yuekang Li (University of New South Wales), Kailong Wang (Huazhong University of Science and Technology), Ying Zhang (Virginia Tech), Zefeng Li (Nanyang Technological University), Haoyu Wang (Huazhong University of Science and Technology), Tianwei Zhang (Nanyang Technological University), Yang Liu (Nanyang Technological University)

Read More

Decentralized Information-Flow Control for ROS2

Nishit V. Pandya (Indian Institute of Science Bangalore), Himanshu Kumar (Indian Institute of Science Bangalore), Gokulnath M. Pillai (Indian Institute of Science Bangalore), Vinod Ganapathy (Indian Institute of Science Bangalore)

Read More