Haolin Wu, Wuhan University and Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, China; Chang Liu, University of Science and Technology of China; Jing Chen, Ruiying Du, Kun He, and Yu Zhang, Wuhan University and Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, China; Cong Wu and Tianwei Zhang, Nanyang Technological University; Qing Guo and Jie Zhang, CFAR and IHPC, A*STAR, Singapore
Speech translation, which converts a spoken language into another spoken or written language, has experienced rapid advance recently. However, the security in this domain remains underexplored. In this work, we uncover a novel security threat unique to speech translation systems, which is dubbed "untranslation attack". We observe that state-of-the-art (SOTA) models, despite their strong translation capabilities, exhibit an inherent tendency to output the content in the source speech language rather than the desired target language. Leveraging this phenomenon, we propose an attack model that deceives the system into outputting the source language content instead of translating it. Interestingly, we find that this approach achieves significant attack effectiveness with minimal overhead compared to traditional semantic perturbation attacks: it achieves a high attack success rate of 87.5% with a perturbation budget of as low as 0.001. Furthermore, we extend this approach to develop a universal perturbation attack, successfully testing it in the physical world.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
