Devil in the Room: Triggering Audio Backdoors in the Physical World
Published in Proceedings of USENIX Security Symposium, 2024
Recommended citation: Meng Chen, Xiangyu Xu, Li Lu*, Zhongjie Ba, Feng Lin, Kui Ren. "Devil in the Room: Triggering Audio Backdoors in the Physical World." Proceedings of USENIX Security Symposium. Philadelphia, PA, USA. 2024. doi: to appear.
USENIX Security Symposium is one of the Big Four international conferences on cyber security. USENIX SEC is a CCF-A conference.
Abstract: Recent years have witnessed deep learning techniques endowing modern audio systems with powerful capabilities. However, the latest studies have revealed their strong reliance on training data, raising serious threats from backdoor attacks. Different from most existing works that study audio backdoors in the digital world, we investigate the mismatch between the trigger and backdoor in the physical space by examining sound channel distortion. Inspired by this observation, this paper proposes TrojanRoom to bridge the gap between digital and physical audio backdoor attacks. TrojanRoom utilizes the room impulse response (RIR) as a physical trigger to enable injection-free backdoor activation. By synthesizing dynamic RIRs and poisoning a source class of samples during data augmentation, TrojanRoom enables any adversary to launch an effective and stealthy attack using the specific impulse response in a room.