DUAP: Dual-task Universal Adversarial Perturbations Against Voice Control Systems
Abstract: Modern Voice Control Systems (VCS) rely on the collaboration of Automatic Speech Recognition (ASR) and Speaker Recognition (SR) for secure interaction. However, prior adversarial attacks typically target these tasks in isolation, overlooking the coupled decision pipeline in real-world scenarios. Consequently, single-task attacks often fail to pose a practical threat. To fill this gap, we first utilize gradient analysis to reveal that ASR and SR exhibit no inherent conflicts. Building on this, we propose Dual-task Universal Adversarial Perturbation (DUAP). Specifically, DUAP employs a targeted surrogate objective to effectively disrupt ASR transcription and introduces a Dynamic Normalized Ensemble (DNE) strategy to enhance transferability across diverse SR models. Furthermore, we incorporate psychoacoustic masking to ensure perturbation imperceptibility. Extensive evaluations across five ASR and six SR models demonstrate that DUAP achieves high simultaneous attack success rates and superior imperceptibility, significantly outperforming existing single-task baselines.
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2601.12786 [cs.CR]
(or arXiv:2601.12786v2 [cs.CR] for this version)
https://doi.org/10.48550/arXiv.2601.12786
arXiv-issued DOI via DataCite
Submission history
From: Suyang Sun
[v1] Mon, 19 Jan 2026 07:39:22 UTC (261 KB)
[v2] Tue, 31 Mar 2026 07:20:59 UTC (260 KB)