A robust adversarial attack against speech recognition with UAP

Speech recognition (SR) systems based on deep neural networks are increasingly widespread in smart devices. However, they are vulnerable to human-imperceptible adversarial attacks, which cause the SR to generate incorrect or targeted adversarial commands. Meanwhile, audio adversarial attacks are particularly susceptible to various factors, e.g., ambient noise, after applying them to a real-world attack. To circumvent this issue, we develop a universal adversarial perturbation (UAP) generation method to construct robust real-world UAP by integrating ambient noise into the generation process. The proposed UAP can work well in the case of input-agnostic and independent sources. We validate the effectiveness of our method on two different SRs in different real-world scenarios and parameters, the results demonstrate that our method yields state-of-the-art performance, i.e. given any audio waveform, the word error rate can be up to 80%. Extensive experiments investigate the impact of different parameters (e.g, signal-to-noise ratio, distance, and attack angle) on the attack success rate.(c) 2023 The Author(s). Published by Elsevier B.V. on behalf of Shandong University. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).