Adversarial Music: Real World Audio Adversary Against Wake-word Detection System

by   Juncheng B. Li, et al.

Voice Assistants (VAs) such as Amazon Alexa or Google Assistant rely on wake-word detection to respond to people's commands, which could potentially be vulnerable to audio adversarial examples. In this work, we target our attack on the wake-word detection system, jamming the model with some inconspicuous background music to deactivate the VAs while our audio adversary is present. We implemented an emulated wake-word detection system of Amazon Alexa based on recent publications. We validated our models against the real Alexa in terms of wake-word detection accuracy. Then we computed our audio adversaries with consideration of expectation over transform and we implemented our audio adversary with a differentiable synthesizer. Next, we verified our audio adversaries digitally on hundreds of samples of utterances collected from the real world. Our experiments show that we can effectively reduce the recognition F1 score of our emulated model from 93.4 audio adversary over the air, and verified it works effectively against Alexa, reducing its F1 score from 92.5 non-adversarial music does not disable Alexa as effectively as our music at the same sound level. To the best of our knowledge, this is the first real-world adversarial attack against a commercial-grade VA wake-word detection system. Our code and demo videos can be accessed at <>


On the Exploitability of Audio Machine Learning Pipelines to Surreptitious Adversarial Examples

Machine learning (ML) models are known to be vulnerable to adversarial e...

Classification of Infant Crying in Real-World Home Environments Using Deep Learning

In the domain of social signal processing, automated audio recognition i...

Deep Learning and Music Adversaries

An adversary is essentially an algorithm intent on making a classificati...

Robust Audio Adversarial Example for a Physical Attack

The success of deep learning in recent years has raised concerns about a...

Feature Importance Guided Attack: A Model Agnostic Adversarial Attack

Machine learning models are susceptible to adversarial attacks which dra...

Automatic Detection of Depression from Stratified Samples of Audio Data

Depression is a common mental disorder which has been affecting millions...

The Impact of Complex and Informed Adversarial Behavior in Graphical Coordination Games

How does system-level information impact the ability of an adversary to ...