Collaborative Research: SaTC: CORE: Small: Securing IoT and Edge Devices under Audio Adversarial Attacks

协作研究：SaTC：核心：小型：在音频对抗攻击下保护物联网和边缘设备

• 批准号: 2114220
• 负责人: Yingying Chen
• 金额: $ 33万
• 依托单位: Rutgers University New Brunswick
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2114220&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Small

Powered by the advancement of artificial intelligence (AI) techniques, the next-generation voice-controllable IoT and edge systems have substantially facilitated people’s daily lives. Such systems include voice assistant systems and voice authenticated mobile banking, among many others. However, the underlying machine learning approaches used in these systems, are inherently vulnerable to audio adversarial attacks, in which an adversary can mislead the machine learning models via injecting imperceptible perturbation to the original audio input. Given the widespread adoption of voice-controllable IoT and edge systems in many privacy-critical and safety-critical applications, e.g., personal banking and autonomous driving, the in-depth understanding and investigation of severity and consequences of audio-based adversarial attack as well as the corresponding defense solutions, are highly demanded. This project will perform a comprehensive study and analysis of the vulnerability and robustness of voice-controllable IoT and edge systems against audio-domain adversarial attacks in both temporal and spatial perspectives. The research outcome of this project will form solid foundations for building trustworthy voice-controllable IoT and edge systems. The developed defense techniques will improve the security of many intelligent audio systems, such as automatic speech recognition (ASR), keyword spotting, and speaker recognition. This project will involve underrepresented students, undergraduate and graduate students, and K-12 students through a variety of engaging programs.The objective of this project is to demonstrate the feasibility of audio adversarial attacks in the physical world, determine the attack severity and consequences, and further develop defending strategies in practical environments to build attack-resilient voice-controllable Internet-of-Things (IoT) devices and edge systems. To study the possibility and severity of audio adversarial attacks in a practical time-constraint setting, the project will develop low-cost audio-agnostic synchronization-free attack launching schemes, including audio-specific fast adversarial perturbation generator and universal adversarial perturbation generator. To investigate how the adversarial perturbations survive various propagation factors in realistic environments, the project will analyze the audio distortions caused by the over-the-air propagation using an advanced room impulse response simulator and physical environment measurements. The project will also develop several defense techniques, including defensive denoiser, model enhancement, and microphone-array-based liveness detection. The presented technique will help to secure the voice-controllable IoT and edge devices under audio adversarial attacks. The project will also contribute to a new computing paradigm in audio-based adversarial machine learning in both theoretic foundations as well as safety-critical audio-oriented emerging applications.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

在人工智能（AI）技术进步的推动下，下一代语音控制物联网和边缘系统极大地便利了人们的日常生活，这些系统包括语音助理系统和语音认证的移动银行等。这些系统中使用的机器学习方法本质上很容易受到音频对抗性攻击，鉴于语音控制的广泛采用，攻击者可以通过向原始音频输入注入难以察觉的扰动来误导机器学习模型。物联网和边缘系统在许多隐私关键和安全关键的应用中，例如个人银行和自动驾驶，对基于音频的对抗性攻击的严重性和后果的深入理解和调查以及相应的防御解决方案都受到高度重视。该项目将从时间和空间角度对语音控制物联网和边缘系统针对音频域对抗攻击的脆弱性和鲁棒性进行全面的研究和分析。语音控制物联网和边缘系统。所开发的防御技术将提高许多智能音频系统的安全性，例如自动语音识别（ASR）、关键字识别和说话人识别。该项目将涉及代表性不足的学生、本科生和研究生。和K-12学生通过各种参与计划。该项目的目的是演示音频对抗性攻击在物理世界中的可行性，确定攻击的严重性和后果，并在实际环境中进一步制定防御策略以构建攻击-有弹性的为了研究实际时间限制环境下音频对抗性攻击的可能性和严重性，该项目将开发低成本的与音频无关的无同步攻击启动方案。 ，包括音频特定的快速对抗性扰动生成器和通用对抗性扰动生成器为了研究对抗性扰动如何在现实环境中承受各种传播因素，该项目将分析由以下因素引起的音频失真。该项目还将开发多种防御技术，包括防御降噪器、模型增强和基于麦克风阵列的活体检测。确保语音控制的物联网和边缘设备免受音频对抗攻击，该项目还将在理论基础和面向安全的音频新兴应用中为基于音频的对抗机器学习的新计算范例做出贡献。通过使用基金会的智力价值和更广泛的影响审查标准进行评估，NSF 的法定使命被认为值得支持。

项目成果

Robust Detection of Machine-induced Audio Attacks in Intelligent Audio Systems with Microphone Array

具有麦克风阵列的智能音频系统中机器引发的音频攻击的鲁棒检测

• DOI: 10.1145/3460120.3484755
• 发表时间: 2021-11-12
• 期刊: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Zhuohang Li;Cong Shi;Tianfang Zhang;Yi Xie;Jian Liu;Bo Yuan;Yingying Chen
• 通讯作者: Yingying Chen

Invisible and Efficient Backdoor Attacks for Compressed Deep Neural Networks

压缩深度神经网络的隐形高效后门攻击

• DOI: 10.1109/icassp43922.2022.9747582
• 发表时间: 2022-05-23
• 期刊: ICASSP 2022 - 2022 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)
• 作者: Huy Phan;Yi Xie;Jian Liu;Yingying Chen;Bo Yuan
• 通讯作者: Bo Yuan

HALOC: Hardware-Aware Automatic Low-Rank Compression for Compact Neural Networks

HALOC：紧凑型神经网络的硬件感知自动低阶压缩

• 发表时间: 2023-01
• 期刊: Proceedings of the AAAI Conference on Artificial Intelligence
• 作者: Xiao, J;Zhang, C;Gong, Y;Yin, M;Sui, Y;Xiang, L;Tao, D;Yuan, B
• 通讯作者: Yuan, B

RIBAC: Towards Robust and Imperceptible Backdoor Attack against Compact DNN

RIBAC：针对紧凑 DNN 的稳健且难以察觉的后门攻击

• 发表时间: 2022-09
• 期刊: European conference on computer vision
• 作者: Phan, H.;Shi, C.;Xie, Y.;Zhang, T.;Li, Z.;Zhao, T.;Liu, J.;Wang, Y.;Chen, Y.;Yuan, B.
• 通讯作者: Yuan, B.

Stealthy Backdoor Attack on RF Signal Classification

针对射频信号分类的隐形后门攻击

• 发表时间: 2023-01
• 期刊: International Conference on Computing Communication and Networking Technologies
• 作者: Zhao, T;Tang, Z;Zhang, T;Phan, H;Wang, Y;Shi, C;Yuan, B;Chen, Y
• 通讯作者: Chen, Y