Print Email Facebook Twitter Can You Hear It? Backdoor Attacks via Ultrasonic Triggers Title Can You Hear It? Backdoor Attacks via Ultrasonic Triggers Author Koffas, S. (TU Delft Cyber Security) Xu, J. (TU Delft Cyber Security) Conti, M. (TU Delft Cyber Security; Università degli Studi di Padova) Picek, S. (TU Delft Cyber Security; Radboud Universiteit Nijmegen) Date 2022 Abstract This work explores backdoor attacks for automatic speech recognition systems where we inject inaudible triggers. By doing so, we make the backdoor attack challenging to detect for legitimate users and, consequently, potentially more dangerous. We conduct experiments on two versions of a speech dataset and three neural networks and explore the performance of our attack concerning the duration, position, and type of the trigger. Our results indicate that less than 1% of poisoned data is sufficient to deploy a backdoor attack and reach a 100% attack success rate. We observed that short, non-continuous triggers result in highly successful attacks. Still, since our trigger is inaudible, it can be as long as possible without raising any suspicions making the attack more effective. Finally, we conduct our attack on actual hardware and saw that an adversary could manipulate inference in an Android application by playing the inaudible trigger over the air. Subject backdoor attacksinaudible triggerneural networks To reference this document use: http://resolver.tudelft.nl/uuid:ed9603ee-97b4-4942-9741-75cad042b471 DOI https://doi.org/10.1145/3522783.3529523 Publisher Association for Computing Machinery (ACM) ISBN 978-1-4503-9277-8 Source WiseML 2022 - Proceedings of the 2022 ACM Workshop on Wireless Security and Machine Learning Event 4th ACM Workshop on Wireless Security and Machine Learning, WiseML 2022, 2022-05-19 → , San Antonio, United States Series WiseML 2022 - Proceedings of the 2022 ACM Workshop on Wireless Security and Machine Learning Part of collection Institutional Repository Document type conference paper Rights © 2022 S. Koffas, J. Xu, M. Conti, S. Picek Files PDF 3522783.3529523.pdf 2.13 MB Close viewer /islandora/object/uuid:ed9603ee-97b4-4942-9741-75cad042b471/datastream/OBJ/view