
Trading Devil: Robust backdoor attack via Stochastic investment models and Bayesian approach

Orson Mengara

TL;DR

This paper addresses backdoor attacks on audio speech recognition by introducing MarketBack, a robust clean-label backdoor that leverages stochastic investment models to encode malicious content in audio. It fuses Bayesian diffusion sampling with drift functions from the Vasicek, Hull-White, and Longstaff-Schwartz models to design and sample poisoned data, enabling attacks that survive outsourced training. Experiments on the GTZAN dataset across seven Hugging Face transformer models show MarketBack achieving near-100% attack success while preserving benign accuracy at poisoning rates below 1%. The work highlights security risks for audio systems relying on outsourced data and provides a Bayesian-diffusion framework for evaluating and understanding audio backdoors under drift-driven dynamics.

Abstract

With the growing use of voice-activated systems and speech recognition technologies, the danger of backdoor attacks on audio data has grown significantly. This research looks at a specific type of attack, known as a Stochastic investment-based backdoor attack (MarketBack), in which adversaries strategically manipulate the stylistic properties of audio to fool speech recognition systems. The security and integrity of machine learning models are seriously threatened by backdoor attacks; in order to maintain the reliability of audio applications and systems, identifying such attacks becomes crucial in the context of audio data. Experimental results demonstrated that MarketBack can achieve an average attack success rate close to 100% on seven victim models when poisoning less than 1% of the training data.

Paper Structure

This paper contains 11 sections, 4 theorems, 72 equations, 11 figures, 1 table, and 6 algorithms.

Key Result

Theorem 1

Prices in the Hull-White model (https://nielsrom.com/professional/documents/HWModel.pdf). Under the assumption of a short rate that follows the Hull-White [equation omitted in the extract] where $f^M(0, t)$ denotes today's market forward rate at time $t$, $P^M(0, t)$ today's market price o

Figures (11)

  • Figure 1: Attacker's point of view: Large-scale training data often comes from public sites such as GitHub, StackOverflow, and Hugging Face. Since it is difficult to verify all datasets and their origin, it becomes difficult to eliminate poisoned elements from data sources supplied by external suppliers or repositories during the model deployment phase.
  • Figure 2: Illustrates the execution process of a backdoor attack. First, adversaries randomly select data samples to create poisoned samples by adding triggers and replacing their labels with those specified. The poisoned samples are then mixed into a dataset containing backdoors, on which the victim trains the model. Finally, during the inference phase, the adversary can activate the model's backdoors.
  • Figure 3: Dataset GTZAN: Backdoor attack (MarketBack) on Transformer models from Hugging Face. The top graphs show three distinct clean spectrograms (one per genre, each with its unique music ID), and the bottom graphs show their respective backdoored equivalents (produced by MarketBack), which are predicted as the label set by the attacker (i.e., 3); decisions are taken by the whisper-large-v3 (OpenAI) model (see table `table:v02_HugginFace backdoor`).
  • Figure 4: Dataset GTZAN: Backdoor attack (MarketBack), Hull-White model, Bayesian simulation (see table `table:v02_HugginFace backdoor`).
  • Figure 5: Dataset GTZAN: Backdoor attack (MarketBack), Vasiček model, Bayesian simulation (see table `table:v02_HugginFace backdoor`).
  • ...and 6 more figures

Theorems & Definitions (8)

  • proof
  • Theorem 1
  • Theorem 2
  • Remark
  • proof
  • Theorem 3
  • Definition 1: Longstaff-Schwartz
  • Theorem 4