0x00 USENIX Security 2020

• Void: A fast and light voice liveness detection system
• Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems
• Preech: A System for Privacy-Preserving Speech Transcription

0x01 NDSS

2020

• Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems
• SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Waves

2019

• Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding
• Practical Hidden V oice Attacks against Speech and Speaker Recognition Systems

0x02 CCS

2020

• AdvPulse: Universal, Synchronization-free, and Targeted Audio Adversarial Attacks via Subsecond Perturbations
• When the Differences in Frequency Domain are Compensated:Understanding and Defeating Modulated Replay Attacks on Automatic Speech Recognition

0x03 ACSAC

2020

• Imperio: Robust Over-the-Air Adversarial Examples for Automatic Speech Recognition Systems
• Voice Mimicry Attacks Assisted by Automatic Speaker Verification

2019

• Defeating Hidden Audio Channel Attacks on Voice Assistants via Audio-Induced Surface Vibrations

0x04 AAAI

2020

• Weighted-Sampling Audio Adversarial Example Attack

0x05 模型传递性类论文汇总

1. Improving Transferability of Adversarial Examples With Input Diversity

https://ieeexplore.ieee.org/document/8953423

“our method applies random transformations to the input images at each iteration”

1. ENHANCING THE TRANSFERABILITY OF ADVERSARIAL EXAMPLES WITH NOISE REDUCED GRADIENT

https://openreview.net/forum?id=ryvxcPeAb

noise reduced gradient

1. Curls & Whey: Boosting Black-Box Adversarial Attacks

https://arxiv.org/pdf/1904.01160.pdf

1. Enhancing Adversarial Example Transferability with an Intermediate Level Attack

https://arxiv.org/pdf/1907.10823.pdf

中间层梯度选取

1. Measuring the Transferability of Adversarial Examples

https://arxiv.org/pdf/1907.06291.pdf

FGSM BIM CW三种方法测量transfer效果

1. Learning Transferable Adversarial Examples via Ghost Networks

https://arxiv.org/pdf/1812.03413.pdf

用另外一个model辅助

1. Structure-Preserving Transformation: Generating Diverse and Transferable Adversarial Examples.

https://arxiv.org/pdf/1809.02786.pdf

image specific方法 以前的AE修改的不自然 transfer成功率低 利用 Structure-Preserving Transformation 方法提高自然和迁移

1. Understanding and Enhancing the Transferability of Adversarial Examples.

https://arxiv.org/pdf/1802.09707.pdf

systematically study how two classes of factors that might influence the transferability of adversarial examples. One is about model-specific factors. The other is the local smoothness of loss function. propose variance-reduced attack(vr-FGSM)

1. Backpropagating Linearly Improves Transferability of Adversarial Examples

https://arxiv.org/pdf/2012.03528.pdf

1. A UNIFIED APPROACH TO INTERPRETING AND BOOSTING ADVERSARIAL TRANSFERABILITY

https://arxiv.org/pdf/2010.04055.pdf

提出interaction loss

1. Perturbing Across the Feature Hierarchy to Improve Standard and Strict Blackbox Attack Transferability

https://arxiv.org/pdf/2004.14861.pdf

1. Enhancing Cross-task Black-Box Transferability of Adversarial Examples with Dispersion Reduction

https://arxiv.org/pdf/1911.11616.pdf

1. Cross-Representation Transferability of Adversarial Attacks: From Spectrograms to Audio Waveforms

https://arxiv.org/pdf/1910.10106.pdf

语音工作

1. Efficient and Transferable Adversarial Examples from Bayesian Neural Networks

https://arxiv.org/pdf/2011.05074.pdf

1. Making Adversarial Examples More Transferable and Indistinguishable

https://arxiv.org/pdf/2007.03838.pdf