{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,15]],"date-time":"2026-01-15T23:40:32Z","timestamp":1768520432696,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":67,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,10,2]],"date-time":"2023-10-02T00:00:00Z","timestamp":1696204800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-2310207"],"award-info":[{"award-number":["CNS-2310207"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-1950171"],"award-info":[{"award-number":["CNS-1950171"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-2226888"],"award-info":[{"award-number":["CNS-2226888"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CCF-2007159"],"award-info":[{"award-number":["CCF-2007159"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,2]]},"DOI":"10.1145\/3570361.3613261","type":"proceedings-article","created":{"date-parts":[[2023,9,30]],"date-time":"2023-09-30T22:39:36Z","timestamp":1696113576000},"page":"1-15","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":13,"title":["MASTERKEY: Practical Backdoor Attack Against Speaker Verification Systems"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3779-4679","authenticated-orcid":false,"given":"Hanqing","family":"Guo","sequence":"first","affiliation":[{"name":"Michigan State University, East Lansing, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5208-7775","authenticated-orcid":false,"given":"Xun","family":"Chen","sequence":"additional","affiliation":[{"name":"Samsung Research America, Mountain View, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-0419-4442","authenticated-orcid":false,"given":"Junfeng","family":"Guo","sequence":"additional","affiliation":[{"name":"UT Dallas, Dallas, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2861-8438","authenticated-orcid":false,"given":"Li","family":"Xiao","sequence":"additional","affiliation":[{"name":"Michigan State University, East Lansing, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6272-7668","authenticated-orcid":false,"given":"Qiben","family":"Yan","sequence":"additional","affiliation":[{"name":"Michigan State University, East Lansing, United States of America"}]}],"member":"320","published-online":{"date-parts":[[2023,10,2]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"1993. TIMIT Acoustic-Phonetic Continuous Speech Corpus. https:\/\/catalog.ldc.upenn.edu\/LDC93S1. Accessed: 2021-11-04.  1993. TIMIT Acoustic-Phonetic Continuous Speech Corpus. https:\/\/catalog.ldc.upenn.edu\/LDC93S1. Accessed: 2021-11-04."},{"key":"e_1_3_2_1_2_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Ahmed Muhammad Ejaz","year":"2020","unstructured":"Muhammad Ejaz Ahmed , Il-Youp Kwak , Jun Ho Huh , Iljoo Kim , Taekkyung Oh , and Hyoungshick Kim . 2020 . Void: A fast and light voice liveness detection system . In 29th USENIX Security Symposium (USENIX Security 20) . 2685--2702. Muhammad Ejaz Ahmed, Il-Youp Kwak, Jun Ho Huh, Iljoo Kim, Taekkyung Oh, and Hyoungshick Kim. 2020. Void: A fast and light voice liveness detection system. In 29th USENIX Security Symposium (USENIX Security 20). 2685--2702."},{"key":"e_1_3_2_1_3_1","volume-title":"2014 International conference of the biometrics special interest group (BIOSIG). IEEE, 1--6.","author":"Alegre Federico","year":"2014","unstructured":"Federico Alegre , Artur Janicki , and Nicholas Evans . 2014 . Re-assessing the threat of replay spoofing attacks against automatic speaker verification . In 2014 International conference of the biometrics special interest group (BIOSIG). IEEE, 1--6. Federico Alegre, Artur Janicki, and Nicholas Evans. 2014. Re-assessing the threat of replay spoofing attacks against automatic speaker verification. In 2014 International conference of the biometrics special interest group (BIOSIG). IEEE, 1--6."},{"key":"e_1_3_2_1_4_1","unstructured":"AWS. 2022. AWS Voice ID. AWS. https:\/\/aws.amazon.com\/connect\/voice-id\/.  AWS. 2022. AWS Voice ID. AWS. https:\/\/aws.amazon.com\/connect\/voice-id\/."},{"key":"e_1_3_2_1_5_1","unstructured":"Chase. 2022. Chase Voice ID. Chase. https:\/\/www.chase.com\/personal\/voice-biometrics.  Chase. 2022. Chase Voice ID. Chase. https:\/\/www.chase.com\/personal\/voice-biometrics."},{"key":"e_1_3_2_1_6_1","volume-title":"Detecting backdoor attacks on deep neural networks by activation clustering. arXiv preprint arXiv:1811.03728","author":"Chen Bryant","year":"2018","unstructured":"Bryant Chen , Wilka Carvalho , Nathalie Baracaldo , Heiko Ludwig , Benjamin Edwards , Taesung Lee , Ian Molloy , and Biplav Srivastava . 2018. Detecting backdoor attacks on deep neural networks by activation clustering. arXiv preprint arXiv:1811.03728 ( 2018 ). Bryant Chen, Wilka Carvalho, Nathalie Baracaldo, Heiko Ludwig, Benjamin Edwards, Taesung Lee, Ian Molloy, and Biplav Srivastava. 2018. Detecting backdoor attacks on deep neural networks by activation clustering. arXiv preprint arXiv:1811.03728 (2018)."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00004"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.23055"},{"key":"e_1_3_2_1_9_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Chen Yuxuan","year":"2020","unstructured":"Yuxuan Chen , Xuejing Yuan , Jiangshan Zhang , Yue Zhao , Shengzhi Zhang , Kai Chen , and XiaoFeng Wang . 2020 . {Devil's} whisper: A general approach for physical adversarial attacks against commercial black-box speech recognition devices . In 29th USENIX Security Symposium (USENIX Security 20) . 2667--2684. Yuxuan Chen, Xuejing Yuan, Jiangshan Zhang, Yue Zhao, Shengzhi Zhang, Kai Chen, and XiaoFeng Wang. 2020. {Devil's} whisper: A general approach for physical adversarial attacks against commercial black-box speech recognition devices. In 29th USENIX Security Symposium (USENIX Security 20). 2667--2684."},{"key":"e_1_3_2_1_10_1","volume-title":"Voxceleb2: Deep speaker recognition. arXiv preprint arXiv:1806.05622","author":"Chung Joon Son","year":"2018","unstructured":"Joon Son Chung , Arsha Nagrani , and Andrew Zisserman . 2018. Voxceleb2: Deep speaker recognition. arXiv preprint arXiv:1806.05622 ( 2018 ). Joon Son Chung, Arsha Nagrani, and Andrew Zisserman. 2018. Voxceleb2: Deep speaker recognition. arXiv preprint arXiv:1806.05622 (2018)."},{"key":"e_1_3_2_1_11_1","volume-title":"2023 IEEE Symposium on Security and Privacy (SP). IEEE, 1789--1806","author":"Dai Donghui","year":"2023","unstructured":"Donghui Dai , Zhenlin An , and Lei Yang . 2023 . Inducing wireless chargers to voice out for inaudible command attacks . In 2023 IEEE Symposium on Security and Privacy (SP). IEEE, 1789--1806 . Donghui Dai, Zhenlin An, and Lei Yang. 2023. Inducing wireless chargers to voice out for inaudible command attacks. In 2023 IEEE Symposium on Security and Privacy (SP). IEEE, 1789--1806."},{"key":"e_1_3_2_1_12_1","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 755--767","author":"Deng Jiangyi","year":"2022","unstructured":"Jiangyi Deng , Yanjiao Chen , and Wenyuan Xu . 2022 . FenceSitter: Blackbox, Content-Agnostic, and Synchronization-Free Enrollment-Phase Attacks on Speaker Recognition Systems . In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 755--767 . Jiangyi Deng, Yanjiao Chen, and Wenyuan Xu. 2022. FenceSitter: Blackbox, Content-Agnostic, and Synchronization-Free Enrollment-Phase Attacks on Speaker Recognition Systems. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 755--767."},{"key":"e_1_3_2_1_13_1","volume-title":"2009 IEEE International Conference on Acoustics, Speech and Signal Processing. IEEE, 3893--3896","author":"Desai Srinivas","year":"2009","unstructured":"Srinivas Desai , E Veera Raghavendra , B Yegnanarayana , Alan W Black , and Kishore Prahallad . 2009 . Voice conversion using artificial neural networks . In 2009 IEEE International Conference on Acoustics, Speech and Signal Processing. IEEE, 3893--3896 . Srinivas Desai, E Veera Raghavendra, B Yegnanarayana, Alan W Black, and Kishore Prahallad. 2009. Voice conversion using artificial neural networks. In 2009 IEEE International Conference on Acoustics, Speech and Signal Processing. IEEE, 3893--3896."},{"key":"e_1_3_2_1_14_1","volume-title":"Ecapa-tdnn: Emphasized channel attention, propagation and aggregation in tdnn based speaker verification. arXiv preprint arXiv:2005.07143","author":"Desplanques Brecht","year":"2020","unstructured":"Brecht Desplanques , Jenthe Thienpondt , and Kris Demuynck . 2020 . Ecapa-tdnn: Emphasized channel attention, propagation and aggregation in tdnn based speaker verification. arXiv preprint arXiv:2005.07143 (2020). Brecht Desplanques, Jenthe Thienpondt, and Kris Demuynck. 2020. Ecapa-tdnn: Emphasized channel attention, propagation and aggregation in tdnn based speaker verification. arXiv preprint arXiv:2005.07143 (2020)."},{"key":"e_1_3_2_1_15_1","volume-title":"UOR: Universal Backdoor Attacks on Pre-trained Language Models. arXiv preprint arXiv:2305.09574","author":"Du Wei","year":"2023","unstructured":"Wei Du , Peixuan Li , Boqun Li , Haodong Zhao , and Gongshen Liu . 2023 . UOR: Universal Backdoor Attacks on Pre-trained Language Models. arXiv preprint arXiv:2305.09574 (2023). Wei Du, Peixuan Li, Boqun Li, Haodong Zhao, and Gongshen Liu. 2023. UOR: Universal Backdoor Attacks on Pre-trained Language Models. arXiv preprint arXiv:2305.09574 (2023)."},{"key":"e_1_3_2_1_16_1","unstructured":"Eastern. 2022. Easternbank Voice ID. Eastern. https:\/\/www.easternbank.com\/personal-banking\/mobile-online\/voice-id.  Eastern. 2022. Easternbank Voice ID. Eastern. https:\/\/www.easternbank.com\/personal-banking\/mobile-online\/voice-id."},{"key":"e_1_3_2_1_17_1","unstructured":"Navy Federal. 2022. Navy Federal Credit Union Voice ID. Navy Federal. https:\/\/www.navyfederal.org\/services\/security\/voice-id.html.  Navy Federal. 2022. Navy Federal Credit Union Voice ID. Navy Federal. https:\/\/www.navyfederal.org\/services\/security\/voice-id.html."},{"key":"e_1_3_2_1_18_1","unstructured":"FirstHorizon. 2022. FirstHorizon Voice ID. FirstHorizon. https:\/\/www.firsthorizon.com\/Personal\/Support\/Security-and-Fraud-Protection\/Voice-Biometrics.  FirstHorizon. 2022. FirstHorizon Voice ID. FirstHorizon. https:\/\/www.firsthorizon.com\/Personal\/Support\/Security-and-Fraud-Protection\/Voice-Biometrics."},{"key":"e_1_3_2_1_19_1","volume-title":"Keith Achorn, Anjali Gopi, David Kanter, Maximilian Lam, Mark Mazumder, and Vijay Janapa Reddi.","author":"Galvez Daniel","year":"2021","unstructured":"Daniel Galvez , Greg Diamos , Juan Ciro , Juan Felipe Cer\u00f3n , Keith Achorn, Anjali Gopi, David Kanter, Maximilian Lam, Mark Mazumder, and Vijay Janapa Reddi. 2021 . The People's Speech: A Large-Scale Diverse English Speech Recognition Dataset for Commercial Usage . arXiv preprint arXiv:2111.09344 (2021). Daniel Galvez, Greg Diamos, Juan Ciro, Juan Felipe Cer\u00f3n, Keith Achorn, Anjali Gopi, David Kanter, Maximilian Lam, Mark Mazumder, and Vijay Janapa Reddi. 2021. The People's Speech: A Large-Scale Diverse English Speech Recognition Dataset for Commercial Usage. arXiv preprint arXiv:2111.09344 (2021)."},{"key":"e_1_3_2_1_20_1","volume-title":"Crafting adversarial examples for speech paralinguistics applications. arXiv preprint arXiv:1711.03280","author":"Gong Yuan","year":"2017","unstructured":"Yuan Gong and Christian Poellabauer . 2017. Crafting adversarial examples for speech paralinguistics applications. arXiv preprint arXiv:1711.03280 ( 2017 ). Yuan Gong and Christian Poellabauer. 2017. Crafting adversarial examples for speech paralinguistics applications. arXiv preprint arXiv:1711.03280 (2017)."},{"key":"e_1_3_2_1_21_1","unstructured":"Google. 2021. Google Assistant. https:\/\/assistant.google.com\/.  Google. 2021. Google Assistant. https:\/\/assistant.google.com\/."},{"key":"e_1_3_2_1_22_1","volume-title":"Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733","author":"Gu Tianyu","year":"2017","unstructured":"Tianyu Gu , Brendan Dolan-Gavitt , and Siddharth Garg . 2017 . Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 (2017). Tianyu Gu, Brendan Dolan-Gavitt, and Siddharth Garg. 2017. Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 (2017)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2909068"},{"key":"e_1_3_2_1_24_1","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 1353--1366","author":"Guo Hanqing","year":"2022","unstructured":"Hanqing Guo , Yuanda Wang , Nikolay Ivanov , Li Xiao , and Qiben Yan . 2022 . Specpatch: Human-in-the-loop adversarial audio spectrogram patch attack on speech recognition . In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 1353--1366 . Hanqing Guo, Yuanda Wang, Nikolay Ivanov, Li Xiao, and Qiben Yan. 2022. Specpatch: Human-in-the-loop adversarial audio spectrogram patch attack on speech recognition. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 1353--1366."},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security. 1019--1033","author":"Guo Hanqing","year":"2022","unstructured":"Hanqing Guo , Qiben Yan , Nikolay Ivanov , Ying Zhu , Li Xiao , and Eric J Hunter . 2022 . Supervoice: Text-independent speaker verification using ultrasound energy in human speech . In Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security. 1019--1033 . Hanqing Guo, Qiben Yan, Nikolay Ivanov, Ying Zhu, Li Xiao, and Eric J Hunter. 2022. Supervoice: Text-independent speaker verification using ultrasound energy in human speech. In Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security. 1019--1033."},{"key":"e_1_3_2_1_26_1","volume-title":"AEVA: Black-box Backdoor Detection Using Adversarial Extreme Value Analysis. In International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=OM_lYiHXiCL","author":"Guo Junfeng","year":"2022","unstructured":"Junfeng Guo , Ang Li , and Cong Liu . 2022 . AEVA: Black-box Backdoor Detection Using Adversarial Extreme Value Analysis. In International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=OM_lYiHXiCL Junfeng Guo, Ang Li, and Cong Liu. 2022. AEVA: Black-box Backdoor Detection Using Adversarial Extreme Value Analysis. In International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=OM_lYiHXiCL"},{"key":"e_1_3_2_1_27_1","unstructured":"Junfeng Guo Ang Li and Cong Liu. 2023. Backdoor Detection and Mitigation in Competitive Reinforcement Learning. arXiv:2202.03609 [cs.LG]  Junfeng Guo Ang Li and Cong Liu. 2023. Backdoor Detection and Mitigation in Competitive Reinforcement Learning. arXiv:2202.03609 [cs.LG]"},{"key":"e_1_3_2_1_28_1","volume-title":"Scale-up: An efficient black-box input-level backdoor detection via analyzing scaled prediction consistency. arXiv preprint arXiv:2302.03251","author":"Guo Junfeng","year":"2023","unstructured":"Junfeng Guo , Yiming Li , Xun Chen , Hanqing Guo , Lichao Sun , and Cong Liu . 2023 . Scale-up: An efficient black-box input-level backdoor detection via analyzing scaled prediction consistency. arXiv preprint arXiv:2302.03251 (2023). Junfeng Guo, Yiming Li, Xun Chen, Hanqing Guo, Lichao Sun, and Cong Liu. 2023. Scale-up: An efficient black-box input-level backdoor detection via analyzing scaled prediction consistency. arXiv preprint arXiv:2302.03251 (2023)."},{"key":"e_1_3_2_1_29_1","unstructured":"Junfeng Guo and Cong Liu. 2020. Practical Poisoning Attacks on Neural Networks. In ECCV.  Junfeng Guo and Cong Liu. 2020. Practical Poisoning Attacks on Neural Networks. In ECCV."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.patrec.2021.01.009"},{"key":"e_1_3_2_1_31_1","volume-title":"listen, and attack: Backdoor attacks against video action recognition. arXiv preprint arXiv:2301.00986","author":"Al Kader Hammoud Hasan Abed","year":"2023","unstructured":"Hasan Abed Al Kader Hammoud , Shuming Liu , Mohammad Alkhrasi , Fahad AlBalawi , and Bernard Ghanem . 2023. Look , listen, and attack: Backdoor attacks against video action recognition. arXiv preprint arXiv:2301.00986 ( 2023 ). Hasan Abed Al Kader Hammoud, Shuming Liu, Mohammad Alkhrasi, Fahad AlBalawi, and Bernard Ghanem. 2023. Look, listen, and attack: Backdoor attacks against video action recognition. arXiv preprint arXiv:2301.00986 (2023)."},{"key":"e_1_3_2_1_32_1","unstructured":"HarryVolek. 2018. HarryVolek GE2E. https:\/\/github.com\/HarryVolek.  HarryVolek. 2018. HarryVolek GE2E. https:\/\/github.com\/HarryVolek."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2016.7472652"},{"key":"e_1_3_2_1_35_1","unstructured":"HSBC. 2022. HSBC Voice ID. HSBC. https:\/\/www.us.hsbc.com\/customer-service\/voice\/x.  HSBC. 2022. HSBC Voice ID. HSBC. https:\/\/www.us.hsbc.com\/customer-service\/voice\/x."},{"key":"e_1_3_2_1_36_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Hussain Shehzeen","year":"2021","unstructured":"Shehzeen Hussain , Paarth Neekhara , Shlomo Dubnov , Julian McAuley , and Farinaz Koushanfar . 2021 . {WaveGuard}: Understanding and Mitigating Audio Adversarial Examples . In 30th USENIX Security Symposium (USENIX Security 21) . 2273--2290. Shehzeen Hussain, Paarth Neekhara, Shlomo Dubnov, Julian McAuley, and Farinaz Koushanfar. 2021. {WaveGuard}: Understanding and Mitigating Audio Adversarial Examples. In 30th USENIX Security Symposium (USENIX Security 21). 2273--2290."},{"key":"e_1_3_2_1_37_1","volume-title":"Yonghui Wu, et al.","author":"Jia Ye","year":"2018","unstructured":"Ye Jia , Yu Zhang , Ron Weiss , Quan Wang , Jonathan Shen , Fei Ren , Patrick Nguyen , Ruoming Pang , Ignacio Lopez Moreno , Yonghui Wu, et al. 2018 . Transfer learning from speaker verification to multispeaker text-to-speech synthesis. Advances in neural information processing systems 31 (2018). Ye Jia, Yu Zhang, Ron Weiss, Quan Wang, Jonathan Shen, Fei Ren, Patrick Nguyen, Ruoming Pang, Ignacio Lopez Moreno, Yonghui Wu, et al. 2018. Transfer learning from speaker verification to multispeaker text-to-speech synthesis. Advances in neural information processing systems 31 (2018)."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2018.8462693"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3581791.3596837"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484755"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423348"},{"key":"e_1_3_2_1_42_1","volume-title":"25th Annual Network And Distributed System Security Symposium (NDSS","author":"Liu Yingqi","year":"2018","unstructured":"Yingqi Liu , Shiqing Ma , Yousra Aafer , Wen-Chuan Lee , Juan Zhai , Weihang Wang , and Xiangyu Zhang . 2018 . Trojaning attack on neural networks . In 25th Annual Network And Distributed System Security Symposium (NDSS 2018). Internet Soc. Yingqi Liu, Shiqing Ma, Yousra Aafer, Wen-Chuan Lee, Juan Zhai, Weihang Wang, and Xiangyu Zhang. 2018. Trojaning attack on neural networks. In 25th Annual Network And Distributed System Security Symposium (NDSS 2018). Internet Soc."},{"key":"e_1_3_2_1_43_1","volume-title":"2023 IEEE Symposium on Security and Privacy (SP). IEEE, 3399--3415","author":"Ni Tao","year":"2023","unstructured":"Tao Ni , Xiaokuan Zhang , Chaoshun Zuo , Jianfeng Li , Zhenyu Yan , Wubing Wang , Weitao Xu , Xiapu Luo , and Qingchuan Zhao . 2023 . Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side Channels . In 2023 IEEE Symposium on Security and Privacy (SP). IEEE, 3399--3415 . Tao Ni, Xiaokuan Zhang, Chaoshun Zuo, Jianfeng Li, Zhenyu Yan, Wubing Wang, Weitao Xu, Xiapu Luo, and Qingchuan Zhao. 2023. Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side Channels. In 2023 IEEE Symposium on Security and Privacy (SP). IEEE, 3399--3415."},{"key":"e_1_3_2_1_44_1","volume-title":"Wavenet: A generative model for raw audio. arXiv preprint arXiv:1609.03499","author":"van den Oord Aaron","year":"2016","unstructured":"Aaron van den Oord , Sander Dieleman , Heiga Zen , Karen Simonyan , Oriol Vinyals , Alex Graves , Nal Kalchbrenner , Andrew Senior , and Koray Kavukcuoglu . 2016 . Wavenet: A generative model for raw audio. arXiv preprint arXiv:1609.03499 (2016). Aaron van den Oord, Sander Dieleman, Heiga Zen, Karen Simonyan, Oriol Vinyals, Alex Graves, Nal Kalchbrenner, Andrew Senior, and Koray Kavukcuoglu. 2016. Wavenet: A generative model for raw audio. arXiv preprint arXiv:1609.03499 (2016)."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2015.7178964"},{"key":"e_1_3_2_1_46_1","volume-title":"15th USENIX Symposium on Networked Systems Design and Implementation (NSDI 18)","author":"Roy Nirupam","year":"2018","unstructured":"Nirupam Roy , Sheng Shen , Haitham Hassanieh , and Romit Roy Choudhury . 2018 . Inaudible voice commands: The {Long-Range} attack and defense . In 15th USENIX Symposium on Networked Systems Design and Implementation (NSDI 18) . 547--560. Nirupam Roy, Sheng Shen, Haitham Hassanieh, and Romit Roy Choudhury. 2018. Inaudible voice commands: The {Long-Range} attack and defense. In 15th USENIX Symposium on Networked Systems Design and Implementation (NSDI 18). 547--560."},{"key":"e_1_3_2_1_47_1","volume-title":"30th USENIX security symposium (USENIX security 21). 1487--1504.","author":"Severi Giorgio","unstructured":"Giorgio Severi , Jim Meyer , Scott Coull , and Alina Oprea . 2021. {Explanation-Guided} backdoor poisoning attacks against malware classifiers. In 30th USENIX security symposium (USENIX security 21). 1487--1504. Giorgio Severi, Jim Meyer, Scott Coull, and Alina Oprea. 2021. {Explanation-Guided} backdoor poisoning attacks against malware classifiers. In 30th USENIX security symposium (USENIX security 21). 1487--1504."},{"key":"e_1_3_2_1_48_1","volume-title":"Poison frogs! targeted clean-label poisoning attacks on neural networks. Advances in neural information processing systems 31","author":"Shafahi Ali","year":"2018","unstructured":"Ali Shafahi , W Ronny Huang , Mahyar Najibi , Octavian Suciu , Christoph Studer , Tudor Dumitras , and Tom Goldstein . 2018. Poison frogs! targeted clean-label poisoning attacks on neural networks. Advances in neural information processing systems 31 ( 2018 ). Ali Shafahi, W Ronny Huang, Mahyar Najibi, Octavian Suciu, Christoph Studer, Tudor Dumitras, and Tom Goldstein. 2018. Poison frogs! targeted clean-label poisoning attacks on neural networks. Advances in neural information processing systems 31 (2018)."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2018.8461368"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3495243.3560531"},{"key":"e_1_3_2_1_51_1","article-title":"Hey siri: An on-device dnn-powered voice trigger for apple's personal assistant","volume":"1","author":"Team Siri","year":"2017","unstructured":"Siri Team . 2017 . Hey siri: An on-device dnn-powered voice trigger for apple's personal assistant . Apple Machine Learning Journal 1 , 6 (2017). Siri Team. 2017. Hey siri: An on-device dnn-powered voice trigger for apple's personal assistant. Apple Machine Learning Journal 1, 6 (2017).","journal-title":"Apple Machine Learning Journal"},{"key":"e_1_3_2_1_52_1","unstructured":"Alexander Turner Dimitris Tsipras and Aleksander Madry. 2018. Clean-label backdoor attacks. (2018).  Alexander Turner Dimitris Tsipras and Aleksander Madry. 2018. Clean-label backdoor attacks. (2018)."},{"key":"e_1_3_2_1_53_1","unstructured":"Verizon. 2022. Verizon Voice ID. Verizon. https:\/\/www.verizon.com\/support\/voice-id-faqs\/.  Verizon. 2022. Verizon Voice ID. Verizon. https:\/\/www.verizon.com\/support\/voice-id-faqs\/."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2018.8462665"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00031"},{"key":"e_1_3_2_1_56_1","volume-title":"Ghosttalk: Interactive attack on smartphone voice system through power line. arXiv preprint arXiv:2202.02585","author":"Wang Yuanda","year":"2022","unstructured":"Yuanda Wang , Hanqing Guo , and Qiben Yan . 2022 . Ghosttalk: Interactive attack on smartphone voice system through power line. arXiv preprint arXiv:2202.02585 (2022). Yuanda Wang, Hanqing Guo, and Qiben Yan. 2022. Ghosttalk: Interactive attack on smartphone voice system through power line. arXiv preprint arXiv:2202.02585 (2022)."},{"key":"e_1_3_2_1_57_1","unstructured":"Wechat. 2015. Wechat Voice ID. Wechat. https:\/\/blog.wechat.com\/2015\/05\/21\/voiceprint-the-new-wechat-password\/.  Wechat. 2015. Wechat Voice ID. Wechat. https:\/\/blog.wechat.com\/2015\/05\/21\/voiceprint-the-new-wechat-password\/."},{"key":"e_1_3_2_1_58_1","volume-title":"Defending against Adversarial Audio via Diffusion Model. arXiv preprint arXiv:2303.01507","author":"Wu Shutong","year":"2023","unstructured":"Shutong Wu , Jiongxiao Wang , Wei Ping , Weili Nie , and Chaowei Xiao . 2023. Defending against Adversarial Audio via Diffusion Model. arXiv preprint arXiv:2303.01507 ( 2023 ). Shutong Wu, Jiongxiao Wang, Wei Ping, Weili Nie, and Chaowei Xiao. 2023. Defending against Adversarial Audio via Diffusion Model. arXiv preprint arXiv:2303.01507 (2023)."},{"key":"e_1_3_2_1_59_1","volume-title":"Signal and Information Processing Association Annual Summit and Conference (APSIPA)","author":"Wu Zhizheng","year":"2014","unstructured":"Zhizheng Wu , Sheng Gao , Eng Siong Cling , and Haizhou Li . 2014 . A study on replay attack and anti-spoofing for text-dependent speaker verification . In Signal and Information Processing Association Annual Summit and Conference (APSIPA) , 2014 Asia-Pacific. IEEE, 1--5. Zhizheng Wu, Sheng Gao, Eng Siong Cling, and Haizhou Li. 2014. A study on replay attack and anti-spoofing for text-dependent speaker verification. In Signal and Information Processing Association Annual Summit and Conference (APSIPA), 2014 Asia-Pacific. IEEE, 1--5."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24068"},{"key":"e_1_3_2_1_61_1","volume-title":"27th USENIX security symposium (USENIX security 18). 49--64.","author":"Yuan Xuejing","unstructured":"Xuejing Yuan , Yuxuan Chen , Yue Zhao , Yunhui Long , Xiaokang Liu , Kai Chen , Shengzhi Zhang , Heqing Huang , Xiaofeng Wang , and Carl A Gunter . 2018. {CommanderSong} : A systematic approach for practical adversarial voice recognition . In 27th USENIX security symposium (USENIX security 18). 49--64. Xuejing Yuan, Yuxuan Chen, Yue Zhao, Yunhui Long, Xiaokang Liu, Kai Chen, Shengzhi Zhang, Heqing Huang, Xiaofeng Wang, and Carl A Gunter. 2018. {CommanderSong}: A systematic approach for practical adversarial voice recognition. In 27th USENIX security symposium (USENIX security 18). 49--64."},{"key":"e_1_3_2_1_62_1","volume-title":"Lingjuan Lyu, Meikang Qiu, and Ruoxi Jia.","author":"Zeng Yi","year":"2022","unstructured":"Yi Zeng , Minzhou Pan , Hoang Anh Just , Lingjuan Lyu, Meikang Qiu, and Ruoxi Jia. 2022 . Narcissus : A practical clean-label backdoor attack with limited information. arXiv preprint arXiv:2204.05255 (2022). Yi Zeng, Minzhou Pan, Hoang Anh Just, Lingjuan Lyu, Meikang Qiu, and Ruoxi Jia. 2022. Narcissus: A practical clean-label backdoor attack with limited information. arXiv preprint arXiv:2204.05255 (2022)."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP39728.2021.9413468"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134052"},{"key":"e_1_3_2_1_65_1","volume-title":"ARET: Aggregated Residual Extended Time-Delay Neural Networks for Speaker Verification.. In INTERSPEECH. 946--950.","author":"Zhang Ruiteng","year":"2020","unstructured":"Ruiteng Zhang , Jianguo Wei , Wenhuan Lu , Longbiao Wang , Meng Liu , Lin Zhang , Jiayu Jin , and Junhai Xu . 2020 . ARET: Aggregated Residual Extended Time-Delay Neural Networks for Speaker Verification.. In INTERSPEECH. 946--950. Ruiteng Zhang, Jianguo Wei, Wenhuan Lu, Longbiao Wang, Meng Liu, Lin Zhang, Jiayu Jin, and Junhai Xu. 2020. ARET: Aggregated Residual Extended Time-Delay Neural Networks for Speaker Verification.. In INTERSPEECH. 946--950."},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.01445"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485383"}],"event":{"name":"ACM MobiCom '23: 29th Annual International Conference on Mobile Computing and Networking","location":"Madrid Spain","acronym":"ACM MobiCom '23","sponsor":["SIGMOBILE ACM Special Interest Group on Mobility of Systems, Users, Data and Computing"]},"container-title":["Proceedings of the 29th Annual International Conference on Mobile Computing and Networking"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3570361.3613261","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:49:27Z","timestamp":1750182567000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3570361.3613261"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,2]]},"references-count":67,"alternative-id":["10.1145\/3570361.3613261","10.1145\/3570361"],"URL":"https:\/\/doi.org\/10.1145\/3570361.3613261","relation":{},"subject":[],"published":{"date-parts":[[2023,10,2]]},"assertion":[{"value":"2023-10-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}