A Novel Model for Voice Command Fingerprinting Using Deep Learning

Smart speakers are becoming increasingly popular and permeate many aspects of human life. To improve the security of smart speakers, voice commands transmitted over a network are encrypted; however, user privacy issues related to smart speakers continue to emerge. In fact, attackers are still able to infer the content of a user’s specific voice commands from encrypted traffic through machine learning methods to obtain private information for advertising or to carry out malicious attacks. This traffic analysis attack is referred to as a voice command fingerprinting attack . In recent years, research on improving the accuracy of voice command fingerprinting attacks has become a hot topic and remains a challenging task. To improve the accuracy of voice command fingerprinting attacks, we design a new method in this paper. We use an adaptive and dilated residual network to process spatial features. In addition, we find that using temporal features helps improve fingerprinting attack accuracy, and therefore design an attention-based bidirectional gated recurrent unit. Then, we effectively combine the two models. Our method achieves an accuracy greater than 93.36% in a closed-world scenario, which exceeds those of other state-of-the-art methods (2020 WiSec Wang et al.). In a more realistic open-world setting, our model is still effective, obtaining a true-positive rate of 99.50% and a false-positive rate of 0.1% compared to Sirinam et al.’s rates of 90.66% and 0.1%, respectively. We also demonstrate that our model has good generalizability, as our model can also be applied to website fingerprinting and outperforms 2018 CCS Sirinam et al.