Measuring the Functionality of Amazon Alexa and Google Home Applications

Voice Personal Assistant (VPA) is a software agent, which can interpret the user's voice commands and respond with appropriate information or action. The users can operate the VPA by voice to complete multiple tasks, such as read the message, order coffee, send an email, check the news, and so...

Full description

Bibliographic Details
Main Author: Wang, Jiamin
Other Authors: Computer Science and Application
Format: Others
Language:en_US
Published: Virginia Tech 2020
Subjects:
Online Access:http://hdl.handle.net/10919/97316
id ndltd-VTETD-oai-vtechworks.lib.vt.edu-10919-97316
record_format oai_dc
spelling ndltd-VTETD-oai-vtechworks.lib.vt.edu-10919-973162021-04-24T05:40:16Z Measuring the Functionality of Amazon Alexa and Google Home Applications Wang, Jiamin Computer Science and Application Wang, Gang Alan Xin, Hongliang Bimal, Viswanath Natural Language Processing convolutional neural networks Active learning RAKE security Voice Personal Assistant (VPA) is a software agent, which can interpret the user's voice commands and respond with appropriate information or action. The users can operate the VPA by voice to complete multiple tasks, such as read the message, order coffee, send an email, check the news, and so on. Although this new technique brings in interesting and useful features, they also pose new privacy and security risks. The current researches have focused on proof-of-concept attacks by pointing out the potential ways of launching the attacks, e.g., craft hidden voice commands to trigger malicious actions without noticing the user, fool the VPA to invoke the wrong applications. However, lacking a comprehensive understanding of the functionality of the skills and its commands prevents us from analyzing the potential threats of these attacks systematically. In this project, we developed convolutional neural networks with active learning and keyword-based approach to investigate the commands according to their capability (information retrieval or action injection) and sensitivity (sensitive or nonsensitive). Through these two levels of analysis, we will provide a complete view of VPA skills, and their susceptibility to the existing attacks. M.S. Voice Personal Assistant (VPA) is a software agent, which can interpret the users' voice commands and respond with appropriate information or action. The current popular VPAs are Amazon Alexa, Google Home, Apple Siri and Microsoft Cortana. The developers can build and publish third-party applications, called skills in Amazon Alex and actions in Google Homes on the VPA server. The users simply "talk" to the VPA devices to complete different tasks, like read the message, order coffee, send an email, check the news, and so on. Although this new technique brings in interesting and useful features, they also pose new potential security threats. Recent researches revealed that the vulnerabilities exist in the VPA ecosystems. The users can incorrectly invoke the malicious skill whose name has similar pronunciations to the user-intended skill. The inaudible voice triggers the unintended actions without noticing users. All the current researches focused on the potential ways of launching the attacks. The lack of a comprehensive understanding of the functionality of the skills and its commands prevents us from analyzing the potential consequences of these attacks systematically. In this project, we carried out an extensive analysis of third-party applications from Amazon Alexa and Google Home to characterize the attack surfaces. First, we developed a convolutional neural network with active learning framework to categorize the commands according to their capability, whether they are information retrieval or action injection commands. Second, we employed the keyword-based approach to classifying the commands into sensitive and nonsensitive classes. Through these two levels of analysis, we will provide a complete view of VPA skills' functionality, and their susceptibility to the existing attacks. 2020-03-12T13:03:05Z 2020-03-12T13:03:05Z 2020-01 Thesis http://hdl.handle.net/10919/97316 en_US Creative Commons Attribution-ShareAlike 4.0 International http://creativecommons.org/licenses/by-sa/4.0/ ETD application/pdf Virginia Tech
collection NDLTD
language en_US
format Others
sources NDLTD
topic Natural Language Processing
convolutional neural networks
Active learning
RAKE
security
spellingShingle Natural Language Processing
convolutional neural networks
Active learning
RAKE
security
Wang, Jiamin
Measuring the Functionality of Amazon Alexa and Google Home Applications
description Voice Personal Assistant (VPA) is a software agent, which can interpret the user's voice commands and respond with appropriate information or action. The users can operate the VPA by voice to complete multiple tasks, such as read the message, order coffee, send an email, check the news, and so on. Although this new technique brings in interesting and useful features, they also pose new privacy and security risks. The current researches have focused on proof-of-concept attacks by pointing out the potential ways of launching the attacks, e.g., craft hidden voice commands to trigger malicious actions without noticing the user, fool the VPA to invoke the wrong applications. However, lacking a comprehensive understanding of the functionality of the skills and its commands prevents us from analyzing the potential threats of these attacks systematically. In this project, we developed convolutional neural networks with active learning and keyword-based approach to investigate the commands according to their capability (information retrieval or action injection) and sensitivity (sensitive or nonsensitive). Through these two levels of analysis, we will provide a complete view of VPA skills, and their susceptibility to the existing attacks. === M.S. === Voice Personal Assistant (VPA) is a software agent, which can interpret the users' voice commands and respond with appropriate information or action. The current popular VPAs are Amazon Alexa, Google Home, Apple Siri and Microsoft Cortana. The developers can build and publish third-party applications, called skills in Amazon Alex and actions in Google Homes on the VPA server. The users simply "talk" to the VPA devices to complete different tasks, like read the message, order coffee, send an email, check the news, and so on. Although this new technique brings in interesting and useful features, they also pose new potential security threats. Recent researches revealed that the vulnerabilities exist in the VPA ecosystems. The users can incorrectly invoke the malicious skill whose name has similar pronunciations to the user-intended skill. The inaudible voice triggers the unintended actions without noticing users. All the current researches focused on the potential ways of launching the attacks. The lack of a comprehensive understanding of the functionality of the skills and its commands prevents us from analyzing the potential consequences of these attacks systematically. In this project, we carried out an extensive analysis of third-party applications from Amazon Alexa and Google Home to characterize the attack surfaces. First, we developed a convolutional neural network with active learning framework to categorize the commands according to their capability, whether they are information retrieval or action injection commands. Second, we employed the keyword-based approach to classifying the commands into sensitive and nonsensitive classes. Through these two levels of analysis, we will provide a complete view of VPA skills' functionality, and their susceptibility to the existing attacks.
author2 Computer Science and Application
author_facet Computer Science and Application
Wang, Jiamin
author Wang, Jiamin
author_sort Wang, Jiamin
title Measuring the Functionality of Amazon Alexa and Google Home Applications
title_short Measuring the Functionality of Amazon Alexa and Google Home Applications
title_full Measuring the Functionality of Amazon Alexa and Google Home Applications
title_fullStr Measuring the Functionality of Amazon Alexa and Google Home Applications
title_full_unstemmed Measuring the Functionality of Amazon Alexa and Google Home Applications
title_sort measuring the functionality of amazon alexa and google home applications
publisher Virginia Tech
publishDate 2020
url http://hdl.handle.net/10919/97316
work_keys_str_mv AT wangjiamin measuringthefunctionalityofamazonalexaandgooglehomeapplications
_version_ 1719399184615866368