| The traditional counter attack mainly points to the disturbance noise disturbance that is difficult for human beings to perceive in the specific data type samples,which can realize the attack effects such as evasion and imitation,so as to achieve the purpose of wrong prediction results of target recognition and even target induced recognition results.As a special countermeasure attack,the general countermeasure against disturbance can maintain the countermeasure effect against most samples in the same category in the whole data set while maintaining small disturbance.At present,with the widespread application of deep learning model in the fields of mobile phone voice assistant,smart home housekeeper and voice assisted driving,the deep learning model itself is vulnerable to the negative impact of anti attack,which may make the voice command recognition system face some security problems.However,considering that the traditional anti attack methods can not take into account the relationship between the timing of voice instructions,real-time attack,universality and imperceptibility of irrelevant categories at the same time,and the general anti disturbance can be used as the load to solve the above attack restrictions,this thesis will explore how to design a general anti disturbance scheme for voice command control system.This thesis uses the constructed speech instruction classification and recognition model based on bilstm network as the target model.Firstly,two general disturbance generation algorithms are designed combined with PGD and C&W algorithms respectively;Secondly,the imperceptibility and concealment of irrelevant category of the two algorithms are optimized to improve the recognition performance of irrelevant category instructions and make them more difficult to be perceived by human beings;Finally,considering the practicability of the general disturbance in the real environment,the principle of cyclic shift is used to improve the robustness of the disturbance signal against the time delay of different people’s voice position and speech speed.Combined with the physical world effect simulation of the channel change of the playback equipment and the multipath effect,the robustness of the general disturbance against the factors affecting the signal distortion when playing in the physical world is improved.In addition,several groups of simulation experiments are designed to verify the effectiveness of the general disturbance generation scheme designed in digital space and physical world.Experiments show that the proposed general disturbance generation scheme can achieve more than 95% attack performance against the target speech classification model without any settings;The imperceptibility loss optimization and concealment improvement of the design also greatly improve the recognition performance and self concealment of general disturbances in irrelevant categories;The general disturbance generation scheme combined with cyclic shift and physical environment simulation can achieve more than 65% attack performance for the target speech classification model and 85% recognition performance for irrelevant category items under the condition of setting appropriate factors such as volume,distance and angle between physical devices.It realizes the effectiveness of playing general disturbances in the physical world without affecting the recognition model to recognize other categories. |
PDF Full Text Request