adversarial music real world audio adversary against wake
play

Adversarial Music: Real world audio adversary against wake-word - PowerPoint PPT Presentation

Mar 13, 2024 •224 likes •356 views

NeurIPS 2019, Vancouver, Canada Adversarial Music: Real world audio adversary against wake-word detection systems Juncheng B. Li , Shuhui Qu , Xinjian Li , Joseph Szurley , Zico Kolter , , Florian Metze Carnegie

  1. NeurIPS 2019, Vancouver, Canada Adversarial Music: Real world audio adversary against wake-word detection systems Juncheng B. Li ♤ , Shuhui Qu ♢ , Xinjian Li ♤ , Joseph Szurley ♧ , Zico Kolter ♤ , ♧ , Florian Metze ♤ ♤ Carnegie Mellon University ♧ Bosch Center for Artificial Intelligence ♢ Stanford University 1 Juncheng B. Li, Shuhui Qu, Xinjian Li, Joseph Szurley, J. Zico Kolter, Florian Metze

  2. Motivation Existing audio attacks against Automatic Speech Recognition systems Adversarial Attack not robust over-the-air not just a problem in vision Sample adversarial noise “Alexa” + Schönherr et al. [2019] Environment Noise Environment noise at home nullifies Fish tank + clock Adversarial Noise Li et al. [2019] 2 Juncheng B. Li, Shuhui Qu, Xinjian Li, Joseph Szurley, J. Zico Kolter, Florian Metze

  3. Two Big Challenges Noise The actual Alexa model is Unstructured adversarial noises are a black box not robust in practice 3 Juncheng B. Li, Shuhui Qu, Xinjian Li, Joseph Szurley, J. Zico Kolter, Florian Metze

  4. Contributions Gray-box over-the-air Denial of Service (Dos) Attack against commercial voice assistant • A “gray-box” attack that leverages the domain transferability of our perturbation. We demonstrated its effect in the real world under separate audio source settings. • A novel threat model that allows us to disguise our adversarial attack as a piece of music with tunable parameters playable over the air in the physical space. • Jointly optimizing the attack nature while fitting the threat model to the perturbation achievable by the microphone hearing response of Amazon Alexa. Our attack budget is very limited compared with previous works, which makes this challenging. 4 Juncheng B. Li, Shuhui Qu, Xinjian Li, Joseph Szurley, J. Zico Kolter, Florian Metze

  5. “Grey Box” Attack Emulated Wake-word Detect Model Detection Error Tradeoff Figure 1: Emulated Model Architecture Figure 2: Detection Error Tradeoff Curve. The based on Panchapagesan et al. [2016], curve of Alexa model is shown in a flat line as Kumatani et al. [2017], Guo et al. [2018] its false alarm rate is not published 5 Juncheng B. Li, Shuhui Qu, Xinjian Li, Joseph Szurley, J. Zico Kolter, Florian Metze

  6. Adversarial Music Generation using Physical Modeling Synthesizer Physical Modeling Synthesizer Unstructured noise Duration Volume Key Karplus Strong Generator Jaffe and Smith [1983] Iteratively Initialize White Noise decay average δ θ Duration θ Key θ Volume Wikipedia contributors. “White Noise" Wikipedia δ θ 6 Juncheng B. Li, Shuhui Qu, Xinjian Li, Joseph Szurley, J. Zico Kolter, Florian Metze

  7. Combat Distortion with Limited Attack Budget Psychoacoustic Effect Room Impulse Response (RIR) Audio masking graph Scheibler et al. [2019], Wikipedia contributors. "Psychoacoustics." Wikipedia RIR Psychoacoustic term Final Loss: 7 Juncheng B. Li, Shuhui Qu, Xinjian Li, Joseph Szurley, J. Zico Kolter, Florian Metze

  8. Results Precision Recall F1 Score Digital/ # of Model Physical Sample w/o Attack Attack w/o Attack Attack w/o Attack Attack Emulated Model Digital 0.97 0.14 0.94 0.11 0.95 0.117 4000 Emulated Model Physical 0.96 0.12 0.91 0.09 0.934 0.110 100 Alexa Physical 0.93 0.11 0.92 0.10 0.925 0.110 100 Table 1. Performance of the models with and without attacks in digital and physical testing environments given the number of testing samples 8 Juncheng B. Li, Shuhui Qu, Xinjian Li, Joseph Szurley, J. Zico Kolter, Florian Metze

  9. Over-the-air Experiment Setup Spectrogram of the generated Over-the-air testing illustration adversarial music 9 Juncheng B. Li, Shuhui Qu, Xinjian Li, Joseph Szurley, J. Zico Kolter, Florian Metze

  10. Over-the-air Evaluation φ = 0 ◦ d t = φ = 90 ◦ d t = φ = 180 ◦ d t = Test Against Alexa d a = Volume 4.2 ft 7.2 ft 10.2 ft 4.2 ft 7.2 ft 10.2 ft 4.2 ft 7.2 ft 10.2 ft 4.7ft 70 dbA 0/10 0/10 0/10 0/10 0/10 0/10 0/10 0/10 0/10 6.2ft 1/10 0/10 0/10 1/10 0/10 0/10 1/10 2/10 1/10 70 dbA 70 dbA 2/10 0/10 0/10 3/10 1/10 1/10 3/10 3/10 1/10 7.7ft 4.7ft 60 dbA 0/10 0/10 0/10 0/10 0/10 0/10 0/10 0/10 0/10 6.2ft 60 dbA 1/10 1/10 0/10 3/10 1/10 0/10 2/10 2/10 0/10 7.7ft 60 dbA 2/10 1/10 0/10 3/10 2/10 1/10 4/10 3/10 1/10 4.7ft 50 dbA 1/10 2/10 1/10 2/10 2/10 2/10 2/10 2/10 1/10 6.2ft 50 dbA 2/10 3/10 2/10 3/10 3/10 2/10 2/10 3/10 2/10 7.7ft 50 dbA 2/10 3/10 2/10 3/10 2/10 3/10 4/10 3/10 3/10 10 Juncheng B. Li, Shuhui Qu, Xinjian Li, Joseph Szurley, J. Zico Kolter, Florian Metze

  11. 11 Juncheng B. Li, Shuhui Qu, Xinjian Li, Joseph Szurley, J. Zico Kolter, Florian Metze

  12. NeurIPS 2019, Vancouver, Canada Thank you! See you on Thursday, Dec 12th 10:45-12:45 East Exhibition Hall B + C #10 at Adversarial Music: Real world audio adversary against wake-word detection systems Juncheng B. Li, Shuhui Qu, Xinjian Li, Joseph Szurley, J. Zico Kolter, Florian Metze 12 Juncheng B. Li, Shuhui Qu, Xinjian Li, Joseph Szurley, J. Zico Kolter, Florian Metze

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Overview What is Adversarial Attack? Why should we care? How does it work? Real

Overview What is Adversarial Attack? Why should we care? How does it work? Real

Adversarial Attacks on Phishing Detection Ryan Chang Overview What is Adversarial Attack? Why should we care? How does it work? Real World Demo on Phishing Detection Model How to defend? Adversarial Examples on

610 views • 26 slides
Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai

Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai

Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain EUROCRYPT 2019 Adversarial Model Adversarial Model Malicious Adversary Adversarial Model Malicious Adversary

1.11k views • 57 slides
Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai

Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai

Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain TPMPC 2019 Adversarial Model Adversarial Model Malicious Adversary Adversarial Model Malicious Adversary

925 views • 69 slides
Adversary for Social Good: Protecting Familial Privacy through Joint Adversarial Attacks Chetan

Adversary for Social Good: Protecting Familial Privacy through Joint Adversarial Attacks Chetan

Adversary for Social Good: Protecting Familial Privacy through Joint Adversarial Attacks Chetan Kumar, Riazat Ryan, Ming Shao Department of Computer and Information Science, University of Massachusetts, Dartmouth Data Leakage: Limited time

294 views • 27 slides
$ 250 Well take care of all of the audio for your ceremony. Including seating music,

$ 250 Well take care of all of the audio for your ceremony. Including seating music,

$ 250 Well take care of all of the audio for your ceremony. Including seating music, pre-recessional music. Up to 3 microphones. And the ability to wire and mic up instruments. Well also provide your videographers with an audio feed.

364 views • 11 slides
Stealthy Porn: Understanding Real-World Adversarial Images for Illicit Online Promotion Yuan, Di

Stealthy Porn: Understanding Real-World Adversarial Images for Illicit Online Promotion Yuan, Di

Stealthy Porn: Understanding Real-World Adversarial Images for Illicit Online Promotion Yuan, Di Tang , Xiaojing Liao, XiaoFeng Wang, Xuan Feng, Kan Yi Chen, Menghan Sun, Haoran Lu, Kehuan Zhang A C ASE IN THE W ILD Sexual stream t.cn

492 views • 30 slides
HexaGAN: Generative Adversarial Nets for Real World Classification Uiwon Hwang , Dahuin

HexaGAN: Generative Adversarial Nets for Real World Classification Uiwon Hwang , Dahuin

HexaGAN: Generative Adversarial Nets for Real World Classification Uiwon Hwang , Dahuin Jung, and Sungroh Yoon Seoul National University Electrical and Computer Engineering speaker Problem Definition Missing data problem

516 views • 23 slides
Introduction Meinard Mller International Audio Laboratories Erlangen

Introduction Meinard Mller International Audio Laboratories Erlangen

Lecture Music Processing Introduction Meinard Mller International Audio Laboratories Erlangen meinard.mueller@audiolabs-erlangen.de Music Music Information Retrieval (MIR) MusicXML (Text) Sheet Music (Image) CD / MP3 (Audio) Dance /

909 views • 35 slides
Welcome! There is no hold music when your audio connects, so thank you for your patience. The

Welcome! There is no hold music when your audio connects, so thank you for your patience. The

Welcome! There is no hold music when your audio connects, so thank you for your patience. The presentation will begin shortly. ALL Attendee audio is muted. Use one of the 3 audio options: 1. Call Using Computer (recommended option) 2. Call

301 views • 27 slides
Introduction (1) Pau Arumi parumi@iua.upf.es CLAM: C++ Library for Audio and Music A

Introduction (1) Pau Arumi parumi@iua.upf.es CLAM: C++ Library for Audio and Music A

Disclaimer: this pdf is just the content of the sliders with no format at all. I'm using the moin-wiki slides plugin for the real slides. Introduction (1) Pau Arumi parumi@iua.upf.es CLAM: C++ Library for Audio and Music A Framework for

692 views • 10 slides
Extracting and Using Music Audio Information Dan Ellis Laboratory for Recognition and

Extracting and Using Music Audio Information Dan Ellis Laboratory for Recognition and

Extracting and Using Music Audio Information Dan Ellis Laboratory for Recognition and Organization of Speech and Audio Dept. Electrical Engineering, Columbia University, NY USA http://labrosa.ee.columbia.edu/ 1. Motivation: Music Collections

546 views • 42 slides
The OMRAS2 project Bringing together semantic audio, music informatics and computational

The OMRAS2 project Bringing together semantic audio, music informatics and computational

The OMRAS2 project Bringing together semantic audio, music informatics and computational musicology Mark Sandler Centre for Digital Music Queen Mary University of London Music Information Retrieval is maturing Components for Beat

251 views • 12 slides
GCT535- Sound Technology for Multimedia Music and Audio Alignment Graduate School of Culture

GCT535- Sound Technology for Multimedia Music and Audio Alignment Graduate School of Culture

GCT535- Sound Technology for Multimedia Music and Audio Alignment Graduate School of Culture Technology KAIST Juhan Nam 1 Outlines Musical Representations Score, Audio, MIDI Music and Audio Alignment Synchronization Framework

311 views • 29 slides
Audio Data Representations Juhan Nam Types of Music Data Audio MP3, WAV Score

Audio Data Representations Juhan Nam Types of Music Data Audio MP3, WAV Score

GCT634/AI613: Musical Applications of Machine Learning (Fall 2020) Audio Data Representations Juhan Nam Types of Music Data Audio MP3, WAV Score (symbolic) MIDI, typesetting script languages (e.g., MusicXML) Image Score

332 views • 32 slides
CTP431- Music and Audio Computing Music Information Retrieval Graduate School of Culture

CTP431- Music and Audio Computing Music Information Retrieval Graduate School of Culture

CTP431- Music and Audio Computing Music Information Retrieval Graduate School of Culture Technology KAIST Juhan Nam 1 Introduction Instrument: Piano Classical Genre: Composer: Chopin Key: E-minor Mood: Melancholy, Sad,

804 views • 46 slides
A Multiversion Programming Inspired Approach to Detecting Audio Adversarial Examples Qiang Zeng ,

A Multiversion Programming Inspired Approach to Detecting Audio Adversarial Examples Qiang Zeng ,

A Multiversion Programming Inspired Approach to Detecting Audio Adversarial Examples Qiang Zeng , Jianhai Su, Chenglong Fu, Golam Kayas, Lannan Luo, Xiaojiang Du, Chiu C. Tan, and Jie Wu DSN 2019 2 3 Audio AE generation Open the front

353 views • 20 slides
Opening the pod bay doors building intelligent agents that can interpret, generate and learn

Opening the pod bay doors building intelligent agents that can interpret, generate and learn

Opening the pod bay doors building intelligent agents that can interpret, generate and learn from natural language Jacob Andreas, MIT / Microsoft web.mit.edu/jda/www / @jacobandreas Following natural language instructions

1.61k views • 122 slides
Kalman Filter Kalman Filter = special case of a Bayes filter with dynamics model and n

Kalman Filter Kalman Filter = special case of a Bayes filter with dynamics model and n

EKF, UKF Pieter Abbeel UC Berkeley EECS Many slides adapted from Thrun, Burgard and Fox, Probabilistic Robotics Kalman Filter Kalman Filter = special case of a Bayes filter with dynamics model and n sensory model being linear Gaussian: 2

535 views • 17 slides
Improved Dynamic Graph Learning through Fault-Tolerant Sparsification Chun Jiang Zhu , Sabine

Improved Dynamic Graph Learning through Fault-Tolerant Sparsification Chun Jiang Zhu , Sabine

Improved Dynamic Graph Learning through Fault-Tolerant Sparsification Chun Jiang Zhu , Sabine Storandt, Kam-Yiu Lam, Song Han, Jinbo Bi Motivations Consider the problem of solving certain graph regularized learning problems For example,

242 views • 13 slides
Evolutionary Systems Biology: multilevel evolution Paulien Hogeweg Theoretical Biology and

Evolutionary Systems Biology: multilevel evolution Paulien Hogeweg Theoretical Biology and

Evolutionary Systems Biology: multilevel evolution Paulien Hogeweg Theoretical Biology and Bioinformatics Grp UU March 13, 2014 Biology is changing fast.... One of the most fundamental patterns of scientific discovery is the revolution in

1.12k views • 45 slides
Multiclass Boosting with Repartitioning Ling Li Learning Systems Group, Caltech ICML 2006

Multiclass Boosting with Repartitioning Ling Li Learning Systems Group, Caltech ICML 2006

Introduction Multiclass Boosting Repartitioning Experiments Summary Multiclass Boosting with Repartitioning Ling Li Learning Systems Group, Caltech ICML 2006 Introduction Multiclass Boosting Repartitioning Experiments Summary Binary

545 views • 23 slides
Preparing for the Unexpected Samuel Parkinson samuel.parkinson@ft.com #qconlondon

Preparing for the Unexpected Samuel Parkinson samuel.parkinson@ft.com #qconlondon

Preparing for the Unexpected Samuel Parkinson samuel.parkinson@ft.com #qconlondon #prepfortheunexpected Photo by Hush Naidoo on Unsplash #qconlondon #prepfortheunexpected #qconlondon #prepfortheunexpected Lets start with a story

1.96k views • 181 slides
Product Development Dilemma Product Development Dilemma

Product Development Dilemma Product Development Dilemma

A Revolutionary Solution for A Revolutionary Solution for Unified RF System and Circuit Unified RF System and Circuit Design Design EDP-2002 Conference Monterey, California April 21-23 James Spoto President and CEO AWR Product

172 views • 6 slides
Unique equilibrium states for geodesic flows in nonpositive curvature Todd Fisher Department of

Unique equilibrium states for geodesic flows in nonpositive curvature Todd Fisher Department of

Unique equilibrium states for geodesic flows in nonpositive curvature Todd Fisher Department of Mathematics Brigham Young University Fractal Geometry, Hyperbolic Dynamics and Thermodynamical Formalism Joint work with K. Burns, V. Climenhaga,

597 views • 40 slides

More recommend