LaserAdv: Laser Adversarial Attacks on Speech Recognition Systems

Authors: 

Guoming Zhang, Xiaohui Ma, Huiting Zhang, and Zhijie Xiang, Shandong University; Xiaoyu Ji, Zhejiang University; Yanni Yang, Xiuzhen Cheng, and Pengfei Hu, Shandong University

Abstract: 

Audio adversarial perturbations are imperceptible to humans but can mislead machine learning models, posing a security threat to automatic speech recognition (ASR) systems. Existing methods aim to minimize perturbation values, use acoustic masking, or mimic environmental sounds to render them undetectable. However, these perturbations, being audible frequency range sounds, are still audibly detectable. The slow propagation and rapid attenuation of sound limit their temporal sensitivity and attack range. In this study, we propose LaserAdv, a method that employs lasers to launch adversarial attacks, thereby overcoming the aforementioned challenges due to the superior properties of lasers. In the presence of victim speech, laser adversarial perturbations are superimposed on the speech rather than simply drowning it out, so LaserAdv has higher attack efficiency and longer attack range than LightCommands. LaserAdv introduces a selective amplitude enhancement method based on time-frequency interconversion (SAE-TFI) to deal with distortion. Meanwhile, to simultaneously achieve inaudible, targeted, universal, synchronization-free (over 0.5 s), long-range, and black-box attacks in the physical world, we introduced a series of strategies into the objective function. Our experimental results show that a single perturbation can cause DeepSpeech, Whisper and iFlytek, to misinterpret any of the 12,260 voice commands as the target command with accuracy of up to 100%, 92% and 88%, respectively. The attack distance can be up to 120 m.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {299709,
author = {Guoming Zhang and Xiaohui Ma and Huiting Zhang and Zhijie Xiang and Xiaoyu Ji and Yanni Yang and Xiuzhen Cheng and Pengfei Hu},
title = {{LaserAdv}: Laser Adversarial Attacks on Speech Recognition Systems},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {3945--3961},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/zhang-guoming},
publisher = {USENIX Association},
month = aug
}

Presentation Video