English

Zero-Query Adversarial Attack on Black-box Automatic Speech Recognition Systems

Cryptography and Security 2024-06-28 v1 Sound Audio and Speech Processing

Abstract

In recent years, extensive research has been conducted on the vulnerability of ASR systems, revealing that black-box adversarial example attacks pose significant threats to real-world ASR systems. However, most existing black-box attacks rely on queries to the target ASRs, which is impractical when queries are not permitted. In this paper, we propose ZQ-Attack, a transfer-based adversarial attack on ASR systems in the zero-query black-box setting. Through a comprehensive review and categorization of modern ASR technologies, we first meticulously select surrogate ASRs of diverse types to generate adversarial examples. Following this, ZQ-Attack initializes the adversarial perturbation with a scaled target command audio, rendering it relatively imperceptible while maintaining effectiveness. Subsequently, to achieve high transferability of adversarial perturbations, we propose a sequential ensemble optimization algorithm, which iteratively optimizes the adversarial perturbation on each surrogate model, leveraging collaborative information from other models. We conduct extensive experiments to evaluate ZQ-Attack. In the over-the-line setting, ZQ-Attack achieves a 100% success rate of attack (SRoA) with an average signal-to-noise ratio (SNR) of 21.91dB on 4 online speech recognition services, and attains an average SRoA of 100% and SNR of 19.67dB on 16 open-source ASRs. For commercial intelligent voice control devices, ZQ-Attack also achieves a 100% SRoA with an average SNR of 15.77dB in the over-the-air setting.

Keywords

Cite

@article{arxiv.2406.19311,
  title  = {Zero-Query Adversarial Attack on Black-box Automatic Speech Recognition Systems},
  author = {Zheng Fang and Tao Wang and Lingchen Zhao and Shenyi Zhang and Bowen Li and Yunjie Ge and Qi Li and Chao Shen and Qian Wang},
  journal= {arXiv preprint arXiv:2406.19311},
  year   = {2024}
}

Comments

To appear in the Proceedings of The ACM Conference on Computer and Communications Security (CCS), 2024

R2 v1 2026-06-28T17:21:37.996Z