Your Voice is Not Yours? Black-Box Adversarial Attacks Against Speaker Recognition Systems

Cited: 0
Authors
Ye, Jianbin [1 ]
Lin, Fuqiang [1 ]
Liu, Xiaoyuan [1 ]
Liu, Bo [1 ]
Affiliations
[1] Natl Univ Def Technol, Coll Comp Sci & Technol, Changsha, Peoples R China
Source
2022 IEEE INTL CONF ON PARALLEL & DISTRIBUTED PROCESSING WITH APPLICATIONS, BIG DATA & CLOUD COMPUTING, SUSTAINABLE COMPUTING & COMMUNICATIONS, SOCIAL COMPUTING & NETWORKING, ISPA/BDCLOUD/SOCIALCOM/SUSTAINCOM | 2022
Keywords
Deep Learning; Speaker Recognition; Adversarial Example; Black-box Attack
DOI
10.1109/ISPA-BDCloud-SocialCom-SustainCom57177.2022.00094
CLC Number
TP18 [Artificial Intelligence Theory]
Discipline Codes
081104; 0812; 0835; 1405
Abstract
Speaker recognition (SR) systems play an essential role in many applications, such as speech-controlled access systems and voice verification, where robustness is crucial for daily use. The vulnerability of SR systems has therefore become a topic of intense study. Notably, recent work shows that SR systems are vulnerable to adversarial attacks, which generate adversarial examples by adding a well-crafted, inconspicuous perturbation to the original audio so that the target model makes false predictions. However, most existing works operate in the white-box setting, which has limited practical value since model parameters and architectures are usually unavailable in real-world scenarios. To this end, we propose a black-box attack framework that requires no details of the target model. We leverage a gradient estimation procedure based on the natural evolution strategy (NES) to generate adversarial examples; the estimation needs only the confidence scores and decisions produced by the SR system. We also employ a genetic algorithm to guide the direction of example generation, which accelerates convergence. Experiments demonstrate that our approach can manipulate state-of-the-art SR systems with a high attack success rate of 97.5% and small distortions. Extensive investigations on the benchmark datasets VoxCeleb1, VoxCeleb2, and TIMIT further verify the effectiveness and stealthiness of our attack method.
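The abstract describes the method only at a high level. As a rough illustration of score-based NES gradient estimation, a minimal Python sketch might look like the following; the function names, hyperparameter values, and the simple sign-ascent update are all illustrative assumptions, not the authors' implementation.

import numpy as np

def nes_estimate_gradient(score_fn, x, sigma=1e-3, n_samples=50):
    # Estimate the gradient of a black-box score function via NES.
    # score_fn returns the target speaker's confidence score for a
    # waveform -- the only feedback this attack setting assumes.
    grad = np.zeros_like(x)
    for _ in range(n_samples // 2):
        u = np.random.randn(*x.shape).astype(x.dtype)
        # Antithetic sampling reduces the variance of the estimator.
        grad += u * score_fn(x + sigma * u)
        grad -= u * score_fn(x - sigma * u)
    return grad / (n_samples * sigma)

def attack_step(score_fn, x_adv, x_orig, lr=1e-3, eps=5e-3):
    # One iteration of score ascent, clipped to an L_inf ball around
    # the original audio to keep the perturbation inconspicuous.
    g = nes_estimate_gradient(score_fn, x_adv)
    x_adv = x_adv + lr * np.sign(g)
    x_adv = np.clip(x_adv, x_orig - eps, x_orig + eps)
    return np.clip(x_adv, -1.0, 1.0)  # stay in the valid waveform range

In the paper's framework, a genetic algorithm additionally seeds and steers the search; here the plain sign-ascent update stands in for that component.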
Pages: 692-699
Page count: 8