SaTC: CORE: Medium: Securing the Voice Processing Pipeline Against Adversarial Audio

SaTC：核心：中：保护语音处理管道免受对抗性音频的影响

• 批准号: 1933208
• 负责人: Patrick Traynor
• 金额: $ 120万
• 依托单位: University of Florida
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1933208&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Securing; Voice

In a world in which many new computing devices have limited or no traditional user interface (e.g., smart thermostats, personal digital assistants including Amazon's Alexa, etc), voice interfaces are becoming a primary means of interaction. Such systems not only simplify interaction with conventional devices for traditional users, but also promote broader inclusion for both the elderly and those with disabilities. These interfaces have been made significantly more accurate in recent years through the application of deep learning techniques; however, these techniques are subject to a number of attacks using modified audio. While previous researchers have demonstrated such attacks using significant knowledge of specific deep learning models, our initial work demonstrates that knowledge of signal processing (or how voices are turned into the inputs deep learning models require) can create attacks that work across a wide variety of systems. The work proposed in this grant will allow us to fully characterize the security challenges in the space between signal processing and deep learning, and to develop strong defenses to ensure that these systems can continue to operate in the presence of malicious inputs. A wide range of systems, from the Internet of Things (IoT) to infrastructure such as air traffic control, will benefit from improved resilience to malicious audio. This effort is focused on the design methods and tools to protect the entire voice processing pipeline. In our view, this naturally segments our efforts into three logical thrusts, beginning with an in-depth analysis of the algorithms used for audio preprocessing and an investigation of comprehensibility metrics from the field of psychoacoustics. These efforts naturally lead into our second thrust, which focuses on the algorithms used in the second step of the audio processing pipeline. Here, we exploit weaknesses in the most popular feature extraction algorithms to produce new attacks, and then develop defenses against such attacks and techniques to protect speaker privacy. Our final thrust investigates the impact of attacks in the two previous thrusts and their impact on the underlying machine learning algorithms. With these insights, we will investigate additional methods of protecting particularly vulnerable layers of models against these attacks. The researchers possess the unique expertise in areas including information security, voice interfaces, adversarial machine learning, privacy-preserving data synthesis, and statistical signal processing.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

在当今世界，许多新型计算设备只有有限的或没有传统的用户界面（例如，智能恒温器、包括亚马逊Alexa在内的个人数字助理等），语音界面正在成为一种主要的交互方式。这种系统不仅简化了传统用户与传统设备的交互，而且还促进了老年人和残疾人更广泛的融合。近年来，通过应用深度学习技术，这些接口已经变得更加准确；然而，这些技术受到许多使用修改音频的攻击。虽然以前的研究人员已经使用特定深度学习模型的重要知识证明了这种攻击，但我们的初步工作表明，信号处理（或如何将声音转化为深度学习模型所需的输入）的知识可以创建跨各种系统的攻击。本授权中提出的工作将使我们能够充分表征信号处理和深度学习之间的安全挑战，并开发强大的防御措施，以确保这些系统能够在存在恶意输入的情况下继续运行。从物联网（IoT）到空中交通管制等基础设施，各种系统都将受益于对恶意音频的增强抵御能力。这一努力的重点是设计方法和工具，以保护整个语音处理管道。在我们看来，这自然会将我们的努力分成三个逻辑重点，首先是对音频预处理算法的深入分析，以及对心理声学领域的可理解性指标的调查。这些努力自然导致了我们的第二个重点，即专注于音频处理管道第二步中使用的算法。在这里，我们利用最流行的特征提取算法中的弱点来产生新的攻击，然后开发针对此类攻击的防御和技术来保护说话人的隐私。我们的最后一篇文章研究了前两篇文章中攻击的影响及其对底层机器学习算法的影响。有了这些见解，我们将研究保护特别脆弱的模型层免受这些攻击的其他方法。研究人员在信息安全、语音接口、对抗性机器学习、保护隐私的数据合成和统计信号处理等领域拥有独特的专业知识。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

EMI-LiDAR: Uncovering Vulnerabilities of LiDAR Sensors in Autonomous Driving Setting using Electromagnetic Interference

• DOI: 10.1145/3558482.3590192
• 发表时间: 2023-05
• 期刊: Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks
• 作者: Sri Hrushikesh Varma Bhupathiraju;Jennifer Sheldon;L. A. Bauer;Vincent Bindschaedler;Takeshi Sugawara;Sara Rampazzi

Beyond Lp clipping: Equalization-based Psychoacoustic Attacks against ASRs

• 发表时间: 2021-10
• 作者: H. Abdullah;Muhammad Sajidur Rahman;Christian Peeters;Cassidy Gibson;Washington Garcia;Vincent Bindschaedler;T. Shrimpton;Patrick Traynor

Demystifying Limited Adversarial Transferability in Automatic Speech Recognition Systems

• 发表时间: 2022
• 作者: H. Abdullah;Aditya Karlekar;Vincent Bindschaedler;Patrick Traynor

SoK: The Faults in our ASRs: An Overview of Attacks against Automatic Speech Recognition and Speaker Identification Systems

• DOI: 10.1109/sp40001.2021.00014
• 发表时间: 2020-07
• 期刊: 2021 IEEE Symposium on Security and Privacy (SP)
• 作者: H. Abdullah;Kevin Warren;Vincent Bindschaedler;Nicolas Papernot;Patrick Traynor