hidden voice commands
play

Hidden Voice Commands Nicholas Carlini*, Pratyush Mishra*, Tavish - PowerPoint PPT Presentation

Jul 30, 2023 •337 likes •993 views

Hidden Voice Commands Nicholas Carlini*, Pratyush Mishra*, Tavish Vaidya**, Yuankai Zhang**, Micah Sherr**, Clay Shields**, David Wagner*, Wenchao Zhou** * University of California, Berkeley ** Georgetown University Voice channel opens up new

  1. Hidden Voice Commands Nicholas Carlini*, Pratyush Mishra*, Tavish Vaidya**, Yuankai Zhang**, Micah Sherr**, Clay Shields**, David Wagner*, Wenchao Zhou** * University of California, Berkeley ** Georgetown University

  3. Voice channel opens up new 
 possibilities for attack

  4. Today: "Okay google, text [premium SMS number]"

  5. In the future? "Okay google, pay John $100"

  7. We make voice commands stealthy.

  8. We produce audio which is noise to humans, but speech to devices.

  9. This is an instance of attacks 
 on Machine Learning

  10. Background

  11. Background Machine Learning Text Algorithm

  12. Background Feature ML Text Extraction Algorithm

  13. Feature Extraction

  14. Feature Extraction

  15. Feature Extraction

  16. Feature Extraction MFCC [x 0 ] MFCC [x 1 ] MFCC [x 2 ]

  17. Feature ML Text Extraction Algorithm

  19. First Attack: White-Box Assume complete system knowledge 
 (model, parameters, etc)

  20. Recognition Feature ML Text Extraction Algorithm

  21. Attack Feature ML Text Extraction Algorithm

  22. Attack Feature ML Text Extraction Algorithm

  23. Attack Feature ML Text Extraction Algorithm

  24. Inverting Feature Extraction MFCC -1 [x 0 ] MFCC -1 [x 1 ] MFCC -1 [x 2 ]

  25. Inverting Feature Extraction MFCC -1 [x 0 ] MFCC -1 [x 1 ] MFCC -1 [x 2 ]

  26. Inverting Feature Extraction MFCC -1 [x 0 ]

  27. Inverting Feature Extraction MFCC -1 [x 0 ] MFCC -1 [x 1 ]

  28. Inverting Feature Extraction MFCC -1 [x 0 ] MFCC -1 [x 1 ]

  29. Inverting Feature Extraction MFCC -1 [x 0 ] MFCC -1 [x 1 ] MFCC -1 [x 2 ]

  30. Inverting Feature Extraction MFCC -1 [x 0 ] MFCC -1 [x 1 ] MFCC -1 [x 2 ]

  31. Actually not that easy

  32. Playing attacks over-the-air 1. Create a model of the physical channel 2. Use model to predict effect of over-the-air 3. Validate model by playing potential obfuscated commands during generation

  33. Demo

  34. Demo

  35. Okay Google, take a picture

  36. Demo

  37. Okay Google, text 12345

  38. Demo

  39. Okay Google, browse to evil.com

  40. Not Over-The-Air Demo

  41. Okay Google, browse to evil.com

  43. Limitations No background noise, in an echo-free room. Assumes complete knowledge of model.

  45. Can we make this attack practical? Can we remove the white-box assumption?

  46. Yes. ... but at the expense of attack quality.

  48. Black-Box Attack Audio Speech Text Obfuscater Recognition

  49. Black-Box Attack MFCC Speech Text MFCC -1 Recognition

  50. Evaluation

  51. Demo

  56. White-Box Black-Box Attack on open system Practical real-world attack Commands heavily obfuscated Somewhat possible to recognize Works when played over-the-air Works when played over-the-air Doesn't tolerate background noise Background noise and echo okay

  58. Defenses? Notify the user that an action was taken. Challenge the user to perform an action. Detect and prevent the malicious commands.

  59. Detect and Prevent Successfully trained simple machine learning classifier: learn the difference between attack commands and actual commands

  61. Conclusion Voice: new paradigm for human-device interaction. This brings many new risks. Our hidden voice commands are practical. The impact of these attacks will increase. Future work is needed to construct defenses. http://hiddenvoicecommands.com/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IoT Security IoT: Internet of things Hidden Voice Commands, Usenix Security16 Presented by

IoT Security IoT: Internet of things Hidden Voice Commands, Usenix Security16 Presented by

IoT Security IoT: Internet of things Hidden Voice Commands, Usenix Security16 Presented by Jinli Zhong FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild, NDSS17 Presented by Jie Li Protecting Privacy of BLE

470 views • 34 slides
Vulnerabilities of Voice Assistants at the Edge: From Defeating Hidden Voice Attacks to

Vulnerabilities of Voice Assistants at the Edge: From Defeating Hidden Voice Attacks to

DAISY D ata A nalysis and I nformation S ecurit Y Lab Vulnerabilities of Voice Assistants at the Edge: From Defeating Hidden Voice Attacks to Audio-based Adversarial Attacks Yingying (Jennifer) Chen Professor, Electrical and Computer

1.05k views • 46 slides
Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems Tao Chen 1

Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems Tao Chen 1

Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems Tao Chen 1 Longfei Shangguan 2 Zhenjiang Li 1 Kyle Jamieson 3 1 City University of Hong Kong, 2 Microsoft, 3 Princeton University Voice Assistants in Smart Home 2

808 views • 54 slides
DOLPHIN ATTACK: INAUDIBLE VOICE COMMANDS Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,

DOLPHIN ATTACK: INAUDIBLE VOICE COMMANDS Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,

DOLPHIN ATTACK: INAUDIBLE VOICE COMMANDS Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, and Wenyuan Xu Zhejiang University BACKGROUND- DOLPHIN ATTACK An approach to inject inaudible voice commands at VCS by exploiting the

481 views • 28 slides
DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin

DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin

DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu Zhejiang University Presenter: Huichen Li This paper won the CCS 2017 Best Paper award Speech Recognition Systems Apple Siri

720 views • 51 slides
SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Waves Qiben

SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Waves Qiben

SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Waves Qiben Yan 1 , Kehai Liu 2 , Qin Zhou 2 Hanqing Guo 1 , Ning Zhang 3 1 Michigan State University, 2 University of Nebraska-Lincoln, 3 Washington University

298 views • 29 slides
Android Pre-requisites 2 1 Unix commands Ge6ng help Use

Android Pre-requisites 2 1 Unix commands Ge6ng help Use

Android Pre-requisites 2 1 Unix commands Ge6ng help Use help flag when running command Type man command Hidden files Begin with .

212 views • 6 slides
The Shell What does a shell do? - execute commands, programs - but how? For built in commands

The Shell What does a shell do? - execute commands, programs - but how? For built in commands

The Shell What does a shell do? - execute commands, programs - but how? For built in commands run some code to do the command For other commands find program executable and .... run it. Other features: wildcards, pipes, redirection.

468 views • 18 slides
Drafting Commands, Metaediting Part II: The Core Commands Announcements HW3... is postponed

Drafting Commands, Metaediting Part II: The Core Commands Announcements HW3... is postponed

Lecture 8: Visual Mode, /<CR>, Drafting Commands, Metaediting Part II: The Core Commands Announcements HW3... is postponed to next week... Too few things to test on Make sure to practice on commands discussed so far. Every

1.11k views • 83 slides
DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and

DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and

DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and Digital Voice Modes Presented by N7MOT Lenny Gemar Amateur radio began with spark gap transmitters, evolving to Morse code and analog voice

442 views • 20 slides
Digital Voice VHF, UHF, and HF Analog Voice - AM/SSB Analog Voice - FM Digital Voice GMSK UHF

Digital Voice VHF, UHF, and HF Analog Voice - AM/SSB Analog Voice - FM Digital Voice GMSK UHF

Digital Voice VHF, UHF, and HF Analog Voice - AM/SSB Analog Voice - FM Digital Voice GMSK UHF 4FSK VHF C4FM AMBE, AMBE+2, Codec-2 HF OFDM Audio Vocoder Modulator Integrate data into protocol A/D Compressed 10101111010 Mic

729 views • 13 slides
Colossians Commands Commands put to death your members 3:5 you yourself are to put

Colossians Commands Commands put to death your members 3:5 you yourself are to put

Colossians Commands Commands put to death your members 3:5 you yourself are to put off all these 3:8 put off the old man with his deeds 3:9 put on the new man who is renewed 3:10 put on tender mercies

2.44k views • 197 slides
Voice production Larynx and the vocal folds ARTICULATION PHONATION BREATHING (Lena Lyons efter

Voice production Larynx and the vocal folds ARTICULATION PHONATION BREATHING (Lena Lyons efter

M Sdersten, Karolinska Institutet, Rekjavik, Oct 12, 2012 Voice team Karolinska University Hospital and Karolinska Institute Voice production and teachers voice disorders How does the voice work and what makes it to fail?

73 views • 5 slides
Commands Part I Recurring Themes Part II Core Commands Announcements Homework 2 is due now!

Commands Part I Recurring Themes Part II Core Commands Announcements Homework 2 is due now!

Lecture 5: Review + Basic Commands Part I Recurring Themes Part II Core Commands Announcements Homework 2 is due now! Midterm next week! Format is similar to hws, focus on writing clear descriptions that do exactly what you want to

549 views • 43 slides
April 7: Safety Question Protection State Transitions Commands Conditional Commands

April 7: Safety Question Protection State Transitions Commands Conditional Commands

April 7: Safety Question Protection State Transitions Commands Conditional Commands Special Rights Principle of Attenuation of Privilege Harrison-Ruzzo-Ullman result Corollaries April 7, 2017 ECS 235B Spring Quarter

588 views • 33 slides
There is a voice speaking. That voice is sovereign. That voice alone is sovereign. Jeremiah

There is a voice speaking. That voice is sovereign. That voice alone is sovereign. Jeremiah

Jeremiah 1:1-19 There is a voice speaking. That voice is sovereign. That voice alone is sovereign. Jeremiah 1:1-19 That voice rules. not only heard, but heeded. not only obliged, but obyed. Jeremiah 1:1-19 the word of the Lord

617 views • 12 slides
EFFECTIVE INTEGRATION OF STUDENT VOICE INTO SCHOOLS Illinois State Board of Education Student

EFFECTIVE INTEGRATION OF STUDENT VOICE INTO SCHOOLS Illinois State Board of Education Student

EFFECTIVE INTEGRATION OF STUDENT VOICE INTO SCHOOLS Illinois State Board of Education Student Advisory Council Final Presentation 2015 - 2016 Presented by Co-Chairs Nicole Marcus and Travis Whitt MEMBERS OF THE STUDENT ADVISORY COUNCIL Nicole

495 views • 13 slides
TSA Behavioral Analysts Are Only Slightly Better Chance says the Government Accounting

TSA Behavioral Analysts Are Only Slightly Better Chance says the Government Accounting

TSA Behavioral Analysts Are Only Slightly Better Chance says the Government Accounting Office The Transportation Security Administration has spent $900 million since 2007 to train 3000 behavior detection officers at airports nationwide.

444 views • 29 slides
ORAL PRESENTAION Miss. Modi Al-Mandeel The first Steps: 1. Researching the topic 2. Organizing

ORAL PRESENTAION Miss. Modi Al-Mandeel The first Steps: 1. Researching the topic 2. Organizing

HOW TO PREPARE AN ORAL PRESENTAION Miss. Modi Al-Mandeel The first Steps: 1. Researching the topic 2. Organizing and writing the speech 3. Practicing the speech and handling logistics 4. Phrasing the speech 5. Managing your stage fright 6.

844 views • 20 slides
Swedish regulatory framework and implementation of EU legislation Minke Wersll Swedish Work

Swedish regulatory framework and implementation of EU legislation Minke Wersll Swedish Work

Swedish regulatory framework and implementation of EU legislation Minke Wersll Swedish Work Environment Authority Minke.wersall@av.se 2015-03-25 | 1 Council Directive 90/269/EEC of 1990 On the minimum health and safety requirements for

391 views • 24 slides
Lean Six Sigma Five Performance Improvement Projects within One DSRIP Project Lisa Barrington,

Lean Six Sigma Five Performance Improvement Projects within One DSRIP Project Lisa Barrington,

1 Lean Six Sigma Five Performance Improvement Projects within One DSRIP Project Lisa Barrington, Performance Improvement Mark Funderburk, UMC Executive Vice President and COO Region 12 Learning Collaborative University Medical Center

1.8k views • 53 slides
HOW TO RECORD NARRATION OVER A POWERPOINT PRESENTATION This guide explains how to record

HOW TO RECORD NARRATION OVER A POWERPOINT PRESENTATION This guide explains how to record

SUPPORTING STUDENT LEARNING ONLINE 11 HOW TO RECORD NARRATION OVER A POWERPOINT PRESENTATION This guide explains how to record narration over a PowerPoint presentation. You can also do this via Collaborate Ultra (this is explained in a

177 views • 3 slides
ATHENS - GREECE Presentation For International Meetings & Events 1. Location Our hotel's

ATHENS - GREECE Presentation For International Meetings & Events 1. Location Our hotel's

RADISSON BLU PARK HOTEL ATHENS - GREECE Presentation For International Meetings & Events 1. Location Our hotel's location puts Athens city center within easy reach. Guests can enjoy convenient access to the Victoria metro station, just

511 views • 16 slides
Using Your Polycom VVX 300/400 IP Telephone t r a i n i n g @ o h i o . n e t P

Using Your Polycom VVX 300/400 IP Telephone t r a i n i n g @ o h i o . n e t P

Using Your Polycom VVX 300/400 IP Telephone t r a i n i n g @ o h i o . n e t P : 8 8 8 . 8 8 1 . 0 8 0 5 F : 3 3 0 . 6 5 8 . 7 5 0 0 Getting to know your phone... 1 1.Message Waiting Indicator 2.Line

539 views • 14 slides

More recommend