Recently, there is a great demand for experimenting with Artificial Intelligence (AI) algorithms on the Internet of Things (IoT) devices that have only limited computing or transmission resources. Hyper-Dimensional Computing (HDC), which can effectively run on low-cost CPUs, is one of the solutions. However, since the AI algorithms are proved to be vulnerable to Adversarial Examples (AE) in recent research, it is then important to investigate the same security issues on other intelligent algorithms such as HDC. In our paper, motivated by the AE attacks for AI algorithms, we propose an attack measured based on the Differential Evolution (DE), which does not rely on the gradient. By attacking the VoiceHD model in the Isolet dataset, we prove that HDC is also vulnerable to AEs. In our experimentation, we can launch non-targeted attacks on the VoiceHD with the highest 85.7% success rate.
This is a preview of subscription content, access via your institution.
Buy single article
Instant access to the full article PDF.
Tax calculation will be finalised during checkout.
Subscribe to journal
Immediate online access to all issues from 2019. Subscription will auto renew annually.
Tax calculation will be finalised during checkout.
LeCun, Y., Bengio, Y., & Hinton, G. (2015). Deep learning. Nature, 521(7553), 436.
Qiu, H., Zheng, Q., Memmi, G., Lu, J., Qiu, M., & Thuraisingham, B. (2020). Deep residual learning based enhanced JPEG compression in the internet of things. IEEE Transactions on Industrial Informatics.
Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud computing and internet of things: a survey. Future Generation Computer Systems, 56, 684–700.
Qiu, H., Qiu, M., Lu, Z., & Gerard, M. (2019). An efficient key distribution system for data fusion in V2X heterogeneous networks. Information Fusion, 50, 212–220.
Lee, I., & Lee, K. (2015). The internet of things (iot): applications, investments, and challenges for enterprises. Business Horizons, 58(4), 431–440.
Fraga-Lamas, P., Fernández-Caramés, M.T., & Castedo, L. (2017). Towards the internet of smart trains: a review on industrial IoT-connected railways. Sensors.
Bengio, E., Bacon, P.-L., Pineau, J., & Precup, D. (2015). Conditional computation in neural networks for faster models. arXiv:1511.06297.
Qiu, M., Sha, E.H.-M., Liu, M., Lin, M., Hua, S., & Yang, L.T. (2008). Energy minimization with loop fusion and multi-functional-unit scheduling for multidimensional DSP. Journal of Parallel and Distributed Computing, 68(4), 443–455.
Kanerva, P. (2009). Hyperdimensional computing: an introduction to computing in distributed representation with high-dimensional random vectors. Cognitive Computation, 1(2), 139–159.
Rahimi, A., Kanerva, P., & Rabaey, J.M. (2016). A robust and energy-efficient classifier using brain-inspired hyperdimensional computing. In Proceedings of the 2016 international symposium on low power electronics and design (pp. 64–69).
Kanerva, P. (2010). What we mean when we say ‘What’s the dollar of mexico?’: prototypes and mapping in concept space. In 2010 AAAI fall symposium series.
Najafabadi, F.R., Rahimi, A., Kanerva, P., & Rabaey, J.M. (2016). Hyperdimensional computing for text classification. In Design, automation test in Europe conference exhibition (DATE), University Booth (pp. 1–1).
Qiu, H., Qiu, M., & Lu, Z. (2020). Selective encryption on ecg data in body sensor network based on supervised machine learning. Information Fusion, 55, 59–67.
Imani, M., Hwang, J., Rosing, T., Rahimi, A., & Rabaey, J.M. (2017). Low-power sparse hyperdimensional encoder for language recognition. IEEE Design & Test, 34(6), 94–101.
Räsänen, O.J. (2015). Generating hyperdimensional distributed representations from continuous-valued multivariate sensory input. In CogSci.
Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., & Fergus, R. (2013). Intriguing properties of neural networks. arXiv:1312.6199.
Evtimov, I., Eykholt, K., Fernandes, E., Kohno, T., Li, B., Prakash, A., Rahmati, A., & Song, D. (2017). Robust physical-world attacks on deep learning models. arXiv:1707.08945.
Xie, C., Wang, J., Zhang, Z., Zhou, Y., Xie, L., & Yuille, A. (2017). Adversarial examples for semantic segmentation and object detection. In Proceedings of the IEEE international conference on computer vision (pp. 1369–1378).
Taori, R., Kamsetty, A., Chu, B., & Vemuri, N. (2019). Targeted adversarial examples for black box audio systems. In 2019 IEEE security and privacy workshops (SPW) (pp. 15–20): IEEE.
Carlini, N., & Wagner, D. (2018). Audio adversarial examples: Targeted attacks on speech-to-text. In 2018 IEEE security and privacy workshops (SPW) (pp. 1–7): IEEE.
Yakura, H., & Sakuma, J. (2018). Robust audio adversarial example for a physical attack. arXiv:1810.11793.
Li, J., Ji, S., Du, T., Li, B., & Wang, T. (2018). Textbugger: generating adversarial text against real-world applications. arXiv:1812.05271.
Liu, X., Lin, Y., Li, H., & Zhang, J. (2018). Adversarial examples: attacks on machine learning-based malware visualization detection methods. arXiv:1808.01546.
Zhang, E.W., Sheng, Z.Q., Alhazmi, A., & Li, C. (2020). Adversarial attacks on deep-learning models in natural language processing: a survey. ACM Transactions on Intelligent Systems and Technology, 1–41.
Imani, M., Kong, D., Rahimi, A., & Rosing, T. (2017). VoiceHD: hyperdimensional computing for efficient speech recognition. In 2017 IEEE international conference on rebooting computing (ICRC) (pp. 1–8): IEEE.
Poddar, V., Chatterjee, B., Nandi, D., Ghosh, B., & Mondal, S. (2018). Data capturing and modeling by speech recognition - roles demonstrated by artificial intelligence, a survey. UEMCON, 1088–1092.
Hochreiter, S., & Schmidhuber, J. (1997). Long short-term memory. Neural Computation, 1735–1780.
Bahdanau, D., Chorowski, J., Serdyuk, D., Brakel, P., & Bengio, Y. (2016). End-to-end attention-based large vocabulary speech recognition. In 2016 IEEE international conference acoustics, speech and signal processing (pp. 4945–4949).
Smith, L., & Gal, Y. (2018). Understanding measures of uncertainty for adversarial example detection. UAI, 560–569.
Goodfellow, I.J., Shlens, J., & Szegedy, C. (2014). Explaining and harnessing adversarial examples. arXiv:1412.6572.
Carlini, N., & Wagner, D. (2017). Towards evaluating the robustness of neural networks. In 2017 IEEE symposium on security and privacy (SP) (pp. 39–57): IEEE.
Moosavi-Dezfooli, S.-M., Fawzi, A., & Frossard, P. (2016). Deepfool: a simple and accurate method to fool deep neural networks. In Proceedings of the IEEE conference on computer vision and pattern recognition (pp. 2574–2582).
Storn, R., & Price, V.K. (1997). Differential evolution – a simple and efficient heuristic for global optimization over continuous spaces. Journal of Global Optimization, 341–359.
Su, J., Vargas, V.D., & Sakurai, K. (2019). One pixel attack for fooling deep neural networks. IEEE Transactions on Evolutionary Computation, 828–841.
Fanty, M., Cole, R., & Muthusamy, Y. (1994). The isolet spoken letter database.
Fanty, A.M., & Cole, R. (1990). Spoken letter recognition. NIPS, 220–226.
Shao, Z., Xue, C., Zhuge, Q., Qiu, M., Xiao, B., & Sha, E.-M. (2006). Security protection and checking for embedded system integration against buffer overflow attacks via hardware/software. IEEE Transactions on Computers, 55(4), 443–453.
Li, J., Ming, Z., Qiu, M., Quan, G., Qin, X., & Chen, T. (2011). Resource allocation robustness in multi-core embedded systems with inaccurate information. Journal of Systems Architecture, 57(9), 840–849.
Gai, K., Qiu, M., & Zhao, H. (2017). Privacy-preserving data encryption strategy for big data in mobile cloud computing. IEEE Transactions on Big Data, 1–1.
Qiu, H., Noura, H., Qiu, M., Zhong, M., & Memmi, G. (2019). A user-centric data protection method for cloud storage based on invertible DWT. IEEE Transactions on Cloud Computing, 1–1.
Research Innovation Fund for College Students of Beijing University of Posts and Telecommunications. This work was supported in part by the Industrial Internet Research Institute (Jinan) of Beijing University of Posts and Telecommunications under Grant 201915001.
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
About this article
Cite this article
Chen, W., Li, H. Adversarial Attacks on Voice Recognition Based on Hyper Dimensional Computing. J Sign Process Syst (2021). https://doi.org/10.1007/s11265-020-01634-y
- Hyper-dimensional computing
- Adversarial examples
- Voice recognition