IO-RAE: Information-Obfuscation Reversible Adversarial Example for Audio Privacy Protection

TL;DR

This paper presents IO-RAE, a reversible adversarial framework that obfuscates audio data to protect privacy from unauthorized analysis while allowing high-quality recovery, demonstrating high misguidance rates and minimal quality loss.

Contribution

Introduces IO-RAE, a novel reversible adversarial approach utilizing large language models and a new attack technique to safeguard audio privacy without degrading audio quality.

Findings

Achieved 96.5% targeted misguidance rate.

Attained 100% untargeted misguidance rate.

Recovered audio quality with a PESQ score of 4.45.

Abstract

The rapid advancements in artificial intelligence have significantly accelerated the adoption of speech recognition technology, leading to its widespread integration across various applications. However, this surge in usage also highlights a critical issue: audio data is highly vulnerable to unauthorized exposure and analysis, posing significant privacy risks for businesses and individuals. This paper introduces an Information-Obfuscation Reversible Adversarial Example (IO-RAE) framework, the pioneering method designed to safeguard audio privacy using reversible adversarial examples. IO-RAE leverages large language models to generate misleading yet contextually coherent content, effectively preventing unauthorized eavesdropping by humans and Automatic Speech Recognition (ASR) systems. Additionally, we propose the Cumulative Signal Attack technique, which mitigates high-frequency noise and enhances attack efficacy by targeting low-frequency signals. Our approach ensures the protection of audio data without degrading its quality or our ability. Experimental evaluations demonstrate the superiority of our method, achieving a targeted misguidance rate of 96.5% and a remarkable 100% untargeted misguidance rate in obfuscating target keywords across multiple ASR models, including a commercial black-box system from Google. Furthermore, the quality of the recovered audio, measured by the Perceptual Evaluation of Speech Quality score, reached 4.45, comparable to high-quality original recordings. Notably, the recovered audio processed by ASR systems exhibited an error rate of 0%, indicating nearly lossless recovery. These results highlight the practical applicability and effectiveness of our IO-RAE framework in protecting sensitive audio privacy.