Multi-Target Backdoor Attacks Against Speaker Recognition
Alexandrine Fortier, Sonal Joshi, Thomas Thebaud, Jes\'us Villalba, Najim Dehak, Patrick Cardinal
TL;DR
This paper introduces a multi-target backdoor attack on speaker recognition systems using position-independent clicking sounds, achieving high success rates across multiple speakers and under varied noise conditions.
Contribution
It presents a novel multi-target backdoor attack method for speaker recognition, extending to verification tasks and analyzing trade-offs between stealth and effectiveness.
Findings
Achieves up to 95.04% success rate on multiple speakers.
Effective in speaker verification with success rates up to 90%.
Demonstrates trade-off between attack stealth and success.
Abstract
In this work, we propose a multi-target backdoor attack against speaker identification using position-independent clicking sounds as triggers. Unlike previous single-target approaches, our method targets up to 50 speakers simultaneously, achieving success rates of up to 95.04%. To simulate more realistic attack conditions, we vary the signal-to-noise ratio between speech and trigger, demonstrating a trade-off between stealth and effectiveness. We further extend the attack to the speaker verification task by selecting the most similar training speaker - based on cosine similarity - as a proxy target. The attack is most effective when target and enrolled speaker pairs are highly similar, reaching success rates of up to 90% in such cases.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSpeech Recognition and Synthesis · Adversarial Robustness in Machine Learning · Speech and Audio Processing