{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,27]],"date-time":"2026-01-27T09:54:12Z","timestamp":1769507652469,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,10,26]],"date-time":"2022-10-26T00:00:00Z","timestamp":1666742400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"JSPS","award":["19H04111"],"award-info":[{"award-number":["19H04111"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,10,26]]},"DOI":"10.1145\/3545948.3545970","type":"proceedings-article","created":{"date-parts":[[2022,10,17]],"date-time":"2022-10-17T11:21:49Z","timestamp":1666005709000},"page":"143-159","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Understanding the Behavior Transparency of Voice Assistant Applications Using the ChatterBox Framework"],"prefix":"10.1145","author":[{"given":"Atsuko","family":"Natatsuka","sequence":"first","affiliation":[{"name":"Waseda University, Japan"}]},{"given":"Ryo","family":"Iijima","sequence":"additional","affiliation":[{"name":"Waseda University, Japan"}]},{"given":"Takuya","family":"Watanabe","sequence":"additional","affiliation":[{"name":"NTT Social Informatics Laboratories, Japan"}]},{"given":"Mitsuaki","family":"Akiyama","sequence":"additional","affiliation":[{"name":"NTT Social Informatics Laboratories, Japan"}]},{"given":"Tetsuya","family":"Sakai","sequence":"additional","affiliation":[{"name":"Waseda University, Japan"}]},{"given":"Tatsuya","family":"Mori","sequence":"additional","affiliation":[{"name":"Waseda University\/NICT\/RIKEN AIP, Japan"}]}],"member":"320","published-online":{"date-parts":[[2022,10,26]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Proc. 28th USENIX Security Symp.585\u2013602","author":"Andow Benjamin","year":"2019","unstructured":"Benjamin Andow , Samin\u00a0Yaseer Mahmud , Wenyu Wang , Justin Whitaker , William Enck , Bradley Reaves , Kapil Singh , and Tao Xie . 2019 . PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play . In Proc. 28th USENIX Security Symp.585\u2013602 . Benjamin Andow, Samin\u00a0Yaseer Mahmud, Wenyu Wang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie. 2019. PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play. In Proc. 28th USENIX Security Symp.585\u2013602."},{"key":"e_1_3_2_1_2_1","volume-title":"Proc. 29th USENIX Security Symp.985\u20131002","author":"Andow Benjamin","year":"2020","unstructured":"Benjamin Andow , Samin\u00a0Yaseer Mahmud , Justin Whitaker , William Enck , Bradley Reaves , Kapil Singh , and Serge Egelman . 2020 . Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck . In Proc. 29th USENIX Security Symp.985\u20131002 . Benjamin Andow, Samin\u00a0Yaseer Mahmud, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Serge Egelman. 2020. Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck. In Proc. 29th USENIX Security Symp.985\u20131002."},{"key":"e_1_3_2_1_3_1","unstructured":"Atsuko Natatsuka. [n.d.]. ChatterBox. https:\/\/github.com\/VAapp-system\/ChatterBox.  Atsuko Natatsuka. [n.d.]. ChatterBox. https:\/\/github.com\/VAapp-system\/ChatterBox."},{"key":"e_1_3_2_1_4_1","unstructured":"Ann Bies Mark Ferguson Karen Katz and Robert MacIntyre. 1995. Bracketing Guidelines for Treebank II Style Penn Treebank Project.  Ann Bies Mark Ferguson Karen Katz and Robert MacIntyre. 1995. Bracketing Guidelines for Treebank II Style Penn Treebank Project."},{"key":"e_1_3_2_1_5_1","unstructured":"Tom\u00a0B. Brown Benjamin Mann Nick Ryder Melanie Subbiah Jared Kaplan Prafulla Dhariwal Arvind Neelakantan Pranav Shyam Girish Sastry Amanda Askell Sandhini Agarwal Ariel Herbert-Voss Gretchen Krueger Tom Henighan Rewon Child Aditya Ramesh Daniel\u00a0M. Ziegler Jeffrey Wu Clemens Winter Christopher Hesse Mark Chen Eric Sigler Mateusz Litwin Scott Gray Benjamin Chess Jack Clark Christopher Berner Sam McCandlish Alec Radford Ilya Sutskever and Dario Amodei. 2020. Language Models are Few-Shot Learners. https:\/\/arxiv.org\/abs\/2005.14165  Tom\u00a0B. Brown Benjamin Mann Nick Ryder Melanie Subbiah Jared Kaplan Prafulla Dhariwal Arvind Neelakantan Pranav Shyam Girish Sastry Amanda Askell Sandhini Agarwal Ariel Herbert-Voss Gretchen Krueger Tom Henighan Rewon Child Aditya Ramesh Daniel\u00a0M. Ziegler Jeffrey Wu Clemens Winter Christopher Hesse Mark Chen Eric Sigler Mateusz Litwin Scott Gray Benjamin Chess Jack Clark Christopher Berner Sam McCandlish Alec Radford Ilya Sutskever and Dario Amodei. 2020. Language Models are Few-Shot Learners. https:\/\/arxiv.org\/abs\/2005.14165"},{"key":"e_1_3_2_1_6_1","volume-title":"Audio Adversarial Examples: Targeted Attacks on Speech-to-Text. CoRR","author":"Carlini Nicholas","year":"2018","unstructured":"Nicholas Carlini and David\u00a0 A. Wagner . 2018. Audio Adversarial Examples: Targeted Attacks on Speech-to-Text. CoRR ( 2018 ). Nicholas Carlini and David\u00a0A. Wagner. 2018. Audio Adversarial Examples: Targeted Attacks on Speech-to-Text. CoRR (2018)."},{"key":"e_1_3_2_1_7_1","volume-title":"Proc. 29th USENIX Security Symp.2667\u20132684","author":"Chen Yuxuan","year":"2020","unstructured":"Yuxuan Chen , Xuejing Yuan , Jiangshan Zhang , Yue Zhao , Shengzhi Zhang , Kai Chen , and XiaoFeng Wang . 2020 . Devil\u2019s Whisper: A General Approach for Physical Adversarial Attacks against Commercial Black-box Speech Recognition Devices . In Proc. 29th USENIX Security Symp.2667\u20132684 . Yuxuan Chen, Xuejing Yuan, Jiangshan Zhang, Yue Zhao, Shengzhi Zhang, Kai Chen, and XiaoFeng Wang. 2020. Devil\u2019s Whisper: A General Approach for Physical Adversarial Attacks against Commercial Black-box Speech Recognition Devices. In Proc. 29th USENIX Security Symp.2667\u20132684."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423339"},{"key":"e_1_3_2_1_9_1","unstructured":"Chromium and WebDriver teams. [n.d.]. ChromeDriver. https:\/\/chromedriver.chromium.org\/home.  Chromium and WebDriver teams. [n.d.]. ChromeDriver. https:\/\/chromedriver.chromium.org\/home."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00043"},{"key":"e_1_3_2_1_11_1","volume-title":"Measuring nominal scale agreement among many raters.Psychological bulletin 76, 5","author":"Fleiss L","year":"1971","unstructured":"Joseph\u00a0 L Fleiss . 1971. Measuring nominal scale agreement among many raters.Psychological bulletin 76, 5 ( 1971 ), 378. Joseph\u00a0L Fleiss. 1971. Measuring nominal scale agreement among many raters.Psychological bulletin 76, 5 (1971), 378."},{"key":"e_1_3_2_1_12_1","unstructured":"Google. [n.d.]. Actions on Google. https:\/\/console.actions.google.com.  Google. [n.d.]. Actions on Google. https:\/\/console.actions.google.com."},{"key":"e_1_3_2_1_13_1","unstructured":"Google. [n.d.]. Google Assistant. https:\/\/developers.google.com\/assistant.  Google. [n.d.]. Google Assistant. https:\/\/developers.google.com\/assistant."},{"key":"e_1_3_2_1_14_1","unstructured":"Google. [n.d.]. Google Safe Browsing. https:\/\/developers.google.com\/safe-browsing\/.  Google. [n.d.]. Google Safe Browsing. https:\/\/developers.google.com\/safe-browsing\/."},{"key":"e_1_3_2_1_15_1","volume-title":"Proc. of 29th USENIX Security Symp.2649\u20132666","author":"Guo Zhixiu","year":"2020","unstructured":"Zhixiu Guo , Zijin Lin , Pan Li , and Kai Chen . 2020 . SkillExplorer: Understanding the Behavior of Skills in Large Scale . In Proc. of 29th USENIX Security Symp.2649\u20132666 . Zhixiu Guo, Zijin Lin, Pan Li, and Kai Chen. 2020. SkillExplorer: Understanding the Behavior of Skills in Large Scale. In Proc. of 29th USENIX Security Symp.2649\u20132666."},{"key":"e_1_3_2_1_16_1","volume-title":"Proc. 27th USENIX Security Symp.33\u201347","author":"Kumar Deepak","year":"2018","unstructured":"Deepak Kumar , Riccardo Paccagnella , Paul Murley , Eric Hennenfent , Joshua Mason , Adam Bates , and Michael Bailey . 2018 . Skill Squatting Attacks on Amazon Alexa . In Proc. 27th USENIX Security Symp.33\u201347 . Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Adam Bates, and Michael Bailey. 2018. Skill Squatting Attacks on Amazon Alexa. In Proc. 27th USENIX Security Symp.33\u201347."},{"key":"e_1_3_2_1_17_1","volume-title":"Measuring the Effectiveness of Privacy Policies for Voice Assistant Applications. In Annual Computer Security Applications Conference. 856\u2013869","author":"Liao Song","year":"2020","unstructured":"Song Liao , Christin Wilson , Long Cheng , Hongxin Hu , and Huixing Deng . 2020 . Measuring the Effectiveness of Privacy Policies for Voice Assistant Applications. In Annual Computer Security Applications Conference. 856\u2013869 . Song Liao, Christin Wilson, Long Cheng, Hongxin Hu, and Huixing Deng. 2020. Measuring the Effectiveness of Privacy Policies for Voice Assistant Applications. In Annual Computer Security Applications Conference. 856\u2013869."},{"key":"e_1_3_2_1_18_1","article-title":"Alexa, Who Am I Speaking To?: Understanding Users\u2019 Ability to Identify Third-Party Apps on Amazon Alexa","volume":"22","author":"Major David","year":"2021","unstructured":"David Major , Danny\u00a0Yuxing Huang , Marshini Chetty , and Nick Feamster . 2021 . Alexa, Who Am I Speaking To?: Understanding Users\u2019 Ability to Identify Third-Party Apps on Amazon Alexa . ACM Trans. Internet Technol. 22 , 1 (2021). David Major, Danny\u00a0Yuxing Huang, Marshini Chetty, and Nick Feamster. 2021. Alexa, Who Am I Speaking To?: Understanding Users\u2019 Ability to Identify Third-Party Apps on Amazon Alexa. ACM Trans. Internet Technol. 22, 1 (2021).","journal-title":"ACM Trans. Internet Technol."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.3115\/v1\/P14-5010"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D15-1276"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2631949"},{"key":"e_1_3_2_1_22_1","volume-title":"Proc. 15th USENIX Symp. on Networked Systems Design and Implementation. 547\u2013560","author":"Roy Nirupam","year":"2018","unstructured":"Nirupam Roy , Sheng Shen , Haitham Hassanieh , and Romit\u00a0Roy Choudhury . 2018 . Inaudible Voice Commands: The Long-Range Attack and Defense . In Proc. 15th USENIX Symp. on Networked Systems Design and Implementation. 547\u2013560 . Nirupam Roy, Sheng Shen, Haitham Hassanieh, and Romit\u00a0Roy Choudhury. 2018. Inaudible Voice Commands: The Long-Range Attack and Defense. In Proc. 15th USENIX Symp. on Networked Systems Design and Implementation. 547\u2013560."},{"key":"e_1_3_2_1_23_1","unstructured":"Selenium. [n.d.]. SeleniumHQ Browser Automation. https:\/\/www.selenium.dev\/.  Selenium. [n.d.]. SeleniumHQ Browser Automation. https:\/\/www.selenium.dev\/."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380179"},{"key":"e_1_3_2_1_25_1","volume-title":"Proc. 29th USENIX Security Symp.2631\u20132648","author":"Sugawara Takeshi","year":"2020","unstructured":"Takeshi Sugawara , Benjamin Cyr , Sara Rampazzi , Daniel Genkin , and Kevin Fu . 2020 . Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems . In Proc. 29th USENIX Security Symp.2631\u20132648 . Takeshi Sugawara, Benjamin Cyr, Sara Rampazzi, Daniel Genkin, and Kevin Fu. 2020. Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems. In Proc. 29th USENIX Security Symp.2631\u20132648."},{"key":"e_1_3_2_1_26_1","unstructured":"RIKEN AIP Language Information Access\u00a0Technology Team. [n.d.]. Project SHINRA. http:\/\/shinra-project.info\/?lang=en.  RIKEN AIP Language Information Access\u00a0Technology Team. [n.d.]. Project SHINRA. http:\/\/shinra-project.info\/?lang=en."},{"key":"e_1_3_2_1_27_1","unstructured":"Team NLTK. [n.d.]. NLTK Documentation. https:\/\/www.nltk.org\/.  Team NLTK. [n.d.]. NLTK Documentation. https:\/\/www.nltk.org\/."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D18-2010"},{"key":"e_1_3_2_1_29_1","unstructured":"Kurohashi-Chu-Murawaki Lab.\u00a0Kyoto University. [n.d.]. Japanese Dependency and Case Structure Analyzer KNP. https:\/\/nlp.ist.i.kyoto-u.ac.jp\/EN\/?KNP.  Kurohashi-Chu-Murawaki Lab.\u00a0Kyoto University. [n.d.]. Japanese Dependency and Case Structure Analyzer KNP. https:\/\/nlp.ist.i.kyoto-u.ac.jp\/EN\/?KNP."},{"key":"e_1_3_2_1_30_1","volume-title":"9th USENIX Workshop on Offensive Technologies. 16","author":"Vaidya Tavish","year":"2015","unstructured":"Tavish Vaidya , Yuankai Zhang , Micah Sherr , and Clay Shields . 2015 . Cocaine Noodles: Exploiting the Gap between Human and Machine Speech Recognition . In 9th USENIX Workshop on Offensive Technologies. 16 . Tavish Vaidya, Yuankai Zhang, Micah Sherr, and Clay Shields. 2015. Cocaine Noodles: Exploiting the Gap between Human and Machine Speech Recognition. In 9th USENIX Workshop on Offensive Technologies. 16."},{"key":"e_1_3_2_1_31_1","unstructured":"Wikimedia Foundation. [n.d.]. Index of \/enwiki\/latest\/. https:\/\/dumps.wikimedia.org\/enwiki\/latest\/.  Wikimedia Foundation. [n.d.]. Index of \/enwiki\/latest\/. https:\/\/dumps.wikimedia.org\/enwiki\/latest\/."},{"key":"e_1_3_2_1_32_1","unstructured":"Wikimedia Foundation. [n.d.]. Index of \/jawiki\/latest\/. https:\/\/dumps.wikimedia.org\/jawiki\/latest\/.  Wikimedia Foundation. [n.d.]. Index of \/jawiki\/latest\/. https:\/\/dumps.wikimedia.org\/jawiki\/latest\/."},{"key":"e_1_3_2_1_33_1","volume-title":"Proc. 27th USENIX Security Symp.49\u201364","author":"Yuan Xuejing","year":"2018","unstructured":"Xuejing Yuan , Yuxuan Chen , Yue Zhao , Yunhui Long , Xiaokang Liu , Kai Chen , Shengzhi Zhang , Heqing Huang , XiaoFeng Wang , and Carl\u00a0 A. Gunter . 2018 . CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition . In Proc. 27th USENIX Security Symp.49\u201364 . Xuejing Yuan, Yuxuan Chen, Yue Zhao, Yunhui Long, Xiaokang Liu, Kai Chen, Shengzhi Zhang, Heqing Huang, XiaoFeng Wang, and Carl\u00a0A. Gunter. 2018. CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition. In Proc. 27th USENIX Security Symp.49\u201364."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134052"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00016"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23525"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/MWC.2019.1800477"}],"event":{"name":"RAID 2022: 25th International Symposium on Research in Attacks, Intrusions and Defenses","location":"Limassol Cyprus","acronym":"RAID 2022"},"container-title":["Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3545948.3545970","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3545948.3545970","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:17Z","timestamp":1750188617000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3545948.3545970"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,26]]},"references-count":37,"alternative-id":["10.1145\/3545948.3545970","10.1145\/3545948"],"URL":"https:\/\/doi.org\/10.1145\/3545948.3545970","relation":{},"subject":[],"published":{"date-parts":[[2022,10,26]]},"assertion":[{"value":"2022-10-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}