Cybersecurity (Jun 2024)

CommanderUAP: a practical and transferable universal adversarial attacks on speech recognition models

  • Zheng Sun,
  • Jinxiao Zhao,
  • Feng Guo,
  • Yuxuan Chen,
  • Lei Ju

DOI
https://doi.org/10.1186/s42400-024-00218-8
Journal volume & issue
Vol. 7, no. 1
pp. 1 – 20

Abstract

Read online

Abstract Most of the adversarial attacks against speech recognition systems focus on specific adversarial perturbations, which are generated by adversaries for each normal example to achieve the attack. Universal adversarial perturbations (UAPs), which are independent of the examples, have recently received wide attention for their enhanced real-time applicability and expanded threat range. However, most of the UAP research concentrates on the image domain, and less on speech. In this paper, we propose a staged perturbation generation method that constructs CommanderUAP, which achieves a high success rate of universal adversarial attack against speech recognition models. Moreover, we apply some methods from model training to improve the generalization in attack and we control the imperceptibility of the perturbation in both time and frequency domains. In specific scenarios, CommanderUAP can also transfer attack some commercial speech recognition APIs.

Keywords