Acoustic backdoor attacks on speech recognition via frequency offset perturbation

With the increasing deployment of deep learning-based speech recognition systems, backdoor attacks have become a serious security threat, enabling adversaries to implant hidden triggers that activate malicious behaviors while preserving model performance on benign inputs. However, existing acoustic backdoor attacks, whether in the time or frequency domain, often struggle to achieve sufficient stealthiness, as poisoned samples either disrupt semantic integrity or introduce perceptible artifacts. Moreover, these methods typically fail to strike an effective balance among attack efficacy, stealthiness, and robustness. To address these limitations, we propose Shadow Frequency (SF), a novel backdoor attack that leverages psychoacoustic-guided frequency offset perturbations to inject imperceptible yet model-sensitive signals near dominant spectral components. This design ensures auditory imperceptibility while maintaining high attack effectiveness and robustness. Experimental results show that SF achieves over 96% ASR with minimal impact on clean data accuracy, and remains effective under common defenses, validating its practicality for real-world deployment.