
The Art of Deception: Robust Backdoor Attack using Dynamic Stacking of Triggers (2401.01537v4)

Published 3 Jan 2024 in cs.CR, cs.AI, and cs.LG

Abstract: The area of Machine Learning as a Service (MLaaS) is experiencing increased implementation due to recent advancements in the AI (Artificial Intelligence) industry. However, this spike has prompted concerns regarding AI defense mechanisms, specifically regarding potential covert attacks from third-party providers that cannot be entirely trusted. Recent research has uncovered that auditory backdoors may use certain modifications as their initiating mechanism. DynamicTrigger is introduced as a methodology for carrying out dynamic backdoor attacks that use cleverly designed tweaks to ensure that corrupted samples are indistinguishable from clean ones. By utilizing fluctuating signal sampling rates and masking speaker identities through dynamic sound triggers (such as the clapping of hands), it is possible to deceive speech recognition systems (ASR). Our empirical testing demonstrates that DynamicTrigger is both potent and stealthy, achieving impressive success rates during covert attacks while maintaining exceptional accuracy with non-poisoned datasets.
