Universal Adversarial Perturbations Generative Network for Speaker Recognition

TL;DR

This paper introduces a generative network that creates universal adversarial perturbations capable of fooling speaker recognition systems across different inputs, highlighting vulnerabilities in biometric deep learning models.

Contribution

It presents a novel generative approach to produce universal adversarial perturbations for speaker recognition, demonstrating their effectiveness and potential security risks.

Findings

Effective UAPs generated for speaker recognition systems

High success rate in spoofing models on TIMIT and LibriSpeech

Highlights security vulnerabilities in biometric systems

Abstract

Attacking deep learning based biometric systems has drawn more and more attention with the wide deployment of fingerprint/face/speaker recognition systems, given the fact that the neural networks are vulnerable to the adversarial examples, which have been intentionally perturbed to remain almost imperceptible for human. In this paper, we demonstrated the existence of the universal adversarial perturbations~(UAPs) for the speaker recognition systems. We proposed a generative network to learn the mapping from the low-dimensional normal distribution to the UAPs subspace, then synthesize the UAPs to perturbe any input signals to spoof the well-trained speaker recognition model with high probability. Experimental results on TIMIT and LibriSpeech datasets demonstrate the effectiveness of our model.