EventTrojan: Manipulating Non-Intrusive Speech Quality Assessment via Imperceptible Events

TL;DR

This paper introduces EventTrojan, a novel backdoor attack on non-intrusive speech quality assessment models that uses imperceptible events as triggers, demonstrating high effectiveness and resistance to defenses.

Contribution

The paper presents a new backdoor attack method for NISQA models using event-based triggers and proposes an objective metric for evaluating backdoor attacks on regression tasks.

Findings

EventTrojan achieves high attack success rates on four datasets.

The attack demonstrates robustness against several defense strategies.

It effectively manipulates speech quality assessments without detection.

Abstract

Non-Intrusive speech quality assessment (NISQA) has gained significant attention for predicting speech's mean opinion score (MOS) without requiring the reference speech. Researchers have gradually started to apply NISQA to various practical scenarios. However, little attention has been paid to the security of NISQA models. Backdoor attacks represent the most serious threat to deep neural networks (DNNs) due to the fact that backdoors possess a very high attack success rate once embedded. However, existing backdoor attacks assume that the attacker actively feeds samples containing triggers into the model during the inference phase. This is not adapted to the specific scenario of NISQA. And current backdoor attacks on regression tasks lack an objective metric to measure the attack performance. To address these issues, we propose a novel backdoor triggering approach (EventTrojan) that utilizes an event during the usage of the NISQA model as a trigger. Moreover, we innovatively provide an objective metric for backdoor attacks on regression tasks. Extensive experiments on four benchmark datasets demonstrate the effectiveness of the EventTrojan attack. Besides, it also has good resistance to several defense methods.