TY - GEN
T1 - Adversarial Command Detection Using Parallel Speech Recognition Systems
AU - Cheng, Peng
AU - Arun Sankar, M. S.
AU - Bagci, Ibrahim Ethem
AU - Roedig, Utz
N1 - Publisher Copyright: © 2022, Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - Personal Voice Assistants (PVAs) such as Apple’s Siri, Amazon’s Alexa and Google Home are now commonplace. PVAs are susceptible to adversarial commands; an attacker is able to modify an audio signal such that humans do not notice this modification but the Speech Recognition (SR) will recognise a command of the attacker’s choice. In this paper we describe a defence method against such adversarial commands. By using a second SR in parallel to the main SR of the PVA it is possible to detect adversarial commands. It is difficult for an attacker to craft an adversarial command that is able to force two different SR systems into recognising the adversarial command while ensuring inaudibility. We demonstrate the feasibility of this defence mechanism for practical setups. For instance, our evaluation shows that such a system can be tuned to detect 50% of adversarial commands while not impacting on normal PVA use.
UR - https://www.scopus.com/pages/publications/85125239069
U2 - 10.1007/978-3-030-95484-0_15
DO - 10.1007/978-3-030-95484-0_15
M3 - Conference proceeding
AN - SCOPUS:85125239069
SN - 9783030954833
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 238
EP - 255
BT - Computer Security. ESORICS 2021 International Workshops - CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT and SECOMANE, 2021
A2 - Katsikas, Sokratis
A2 - Lambrinoudakis, Costas
A2 - Cuppens, Nora
A2 - Mylopoulos, John
A2 - Kalloniatis, Christos
A2 - Meng, Weizhi
A2 - Furnell, Steven
A2 - Pallas, Frank
A2 - Pohle, Jörg
A2 - Sasse, M. Angela
A2 - Abie, Habtamu
A2 - Ranise, Silvio
A2 - Verderame, Luca
A2 - Cambiaso, Enrico
A2 - Maestre Vidal, Jorge
A2 - Sotelo Monge, Marco Antonio
PB - Springer Science and Business Media Deutschland GmbH
T2 - 7th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2021, 5th International Workshop on Security and Privacy Requirements Engineering, SECPRE 2021, 4th International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2021, 3rd Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2021, 2nd Cyber-Physical Security for Critical Infrastructures Protection, CPS4CIP 2021 and 1st International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge, CDT and SECOMANE 2021 held in conjunction with 26th European Symposium on Research in Computer Security, ESORICS 2021
Y2 - 4 October 2021 through 8 October 2021
ER -