NSF Org: |
CNS Division Of Computer and Network Systems |
Recipient: |
|
Initial Amendment Date: | August 25, 2021 |
Latest Amendment Date: | August 25, 2021 |
Award Number: | 2114220 |
Award Instrument: | Standard Grant |
Program Manager: |
Karen Karavanic
kkaravan@nsf.gov (703)292-2594 CNS Division Of Computer and Network Systems CSE Direct For Computer & Info Scie & Enginr |
Start Date: | October 1, 2021 |
End Date: | September 30, 2024 (Estimated) |
Total Intended Award Amount: | $330,000.00 |
Total Awarded Amount to Date: | $330,000.00 |
Funds Obligated to Date: |
|
History of Investigator: |
|
Recipient Sponsored Research Office: |
3 RUTGERS PLZ NEW BRUNSWICK NJ US 08901-8559 (848)932-0150 |
Sponsor Congressional District: |
|
Primary Place of Performance: |
NJ US 08854-3925 |
Primary Place of Performance Congressional District: |
|
Unique Entity Identifier (UEI): |
|
Parent UEI: |
|
NSF Program(s): | Secure &Trustworthy Cyberspace |
Primary Program Source: |
|
Program Reference Code(s): |
|
Program Element Code(s): |
|
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
Powered by the advancement of artificial intelligence (AI) techniques, the next-generation voice-controllable IoT and edge systems have substantially facilitated people?s daily lives. Such systems include voice assistant systems and voice authenticated mobile banking, among many others. However, the underlying machine learning approaches used in these systems, are inherently vulnerable to audio adversarial attacks, in which an adversary can mislead the machine learning models via injecting imperceptible perturbation to the original audio input. Given the widespread adoption of voice-controllable IoT and edge systems in many privacy-critical and safety-critical applications, e.g., personal banking and autonomous driving, the in-depth understanding and investigation of severity and consequences of audio-based adversarial attack as well as the corresponding defense solutions, are highly demanded. This project will perform a comprehensive study and analysis of the vulnerability and robustness of voice-controllable IoT and edge systems against audio-domain adversarial attacks in both temporal and spatial perspectives. The research outcome of this project will form solid foundations for building trustworthy voice-controllable IoT and edge systems. The developed defense techniques will improve the security of many intelligent audio systems, such as automatic speech recognition (ASR), keyword spotting, and speaker recognition. This project will involve underrepresented students, undergraduate and graduate students, and K-12 students through a variety of engaging programs.
The objective of this project is to demonstrate the feasibility of audio adversarial attacks in the physical world, determine the attack severity and consequences, and further develop defending strategies in practical environments to build attack-resilient voice-controllable Internet-of-Things (IoT) devices and edge systems. To study the possibility and severity of audio adversarial attacks in a practical time-constraint setting, the project will develop low-cost audio-agnostic synchronization-free attack launching schemes, including audio-specific fast adversarial perturbation generator and universal adversarial perturbation generator. To investigate how the adversarial perturbations survive various propagation factors in realistic environments, the project will analyze the audio distortions caused by the over-the-air propagation using an advanced room impulse response simulator and physical environment measurements. The project will also develop several defense techniques, including defensive denoiser, model enhancement, and microphone-array-based liveness detection. The presented technique will help to secure the voice-controllable IoT and edge devices under audio adversarial attacks. The project will also contribute to a new computing paradigm in audio-based adversarial machine learning in both theoretic foundations as well as safety-critical audio-oriented emerging applications.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from this site.
Please report errors in award information by writing to: awardsearch@nsf.gov.