Trojan Attacks and Defense for Speech Recognition

Publication Name

Communications in Computer and Information Science


Mobile devices commonly employ speech recognition (SR) techniques to facilitate user interaction. Typical voice assistants on mobile devices detect a wake word or phrase before allowing users to use voice commands. While the core functionality of contemporary SR systems relies on deep learning, researchers have shown that deep learning suffers from various security issues. Among these security threats, Trojan attacks in particular have attracted great interest in the research community. To conduct a Trojan attack, an adversary must stealthily modify a target model, such that the compromised model will output a predefined label whenever presented with a trigger. Most work in the literature has focused on Trojan attacks for image recognition, and there is limited work in the SR domain. Due to the increasing use of SR systems in daily devices, such as mobile phones, Trojan attacks for SR pose a great threat to the public and is therefore an important topic of concern to mobile internet security. Despite its growing importance, there has not been an extensive review conducted on Trojan attacks for SR. This paper fills this gap by presenting an overview of existing techniques of conducting Trojan attacks and defending against them for SR. The purpose is to provide researchers with an in-depth comparison of current methods and the challenges faced in this important research area.

Open Access Status

This publication is not available as open access


1544 CCIS

First Page


Last Page




Link to publisher version (DOI)