The Art of Deception: Robust Backdoor Attack using Dynamic Stacking of Triggers
Orson Mengara

TL;DR
This paper introduces DynamicTrigger, a novel method for covert backdoor attacks on speech recognition systems that uses dynamic sound triggers to deceive models while remaining stealthy and maintaining high accuracy on clean data.
Contribution
The paper presents DynamicTrigger, a new dynamic backdoor attack technique that employs fluctuating sampling rates and sound masking to create stealthy, effective attacks on ASR systems.
Findings
High success rates in covert attack scenarios
Maintains accuracy on non-poisoned datasets
Stealthy and difficult to detect
Abstract
The area of Machine Learning as a Service (MLaaS) is experiencing increased implementation due to recent advancements in the AI (Artificial Intelligence) industry. However, this spike has prompted concerns regarding AI defense mechanisms, specifically regarding potential covert attacks from third-party providers that cannot be entirely trusted. Recent research has uncovered that auditory backdoors may use certain modifications as their initiating mechanism. DynamicTrigger is introduced as a methodology for carrying out dynamic backdoor attacks that use cleverly designed tweaks to ensure that corrupted samples are indistinguishable from clean. By utilizing fluctuating signal sampling rates and masking speaker identities through dynamic sound triggers (such as the clapping of hands), it is possible to deceive speech recognition systems (ASR). Our empirical testing demonstrates that…
Taxonomy
Topics: Digital Media Forensic Detection · Adversarial Robustness in Machine Learning · Music and Audio Processing
