Institute of Computing Technology, Chinese Academy IR
| Learning to Fool the Speaker Recognition | |
| Li, Jiguo1,2; Zhang, Xinfeng3; Xu, Jizheng4; Ma, Siwei5; Gao, Wen5 | |
| 2021-10-01 | |
| 发表期刊 | ACM TRANSACTIONS ON MULTIMEDIA COMPUTING COMMUNICATIONS AND APPLICATIONS
 |
| ISSN | 1551-6857 |
| 卷号 | 17期号:3页码:21 |
| 摘要 | Due to the widespread deployment of fingerprint/face/speaker recognition systems, the risk in these systems, especially the adversarial attack, has drawn increasing attention in recent years. Previous researches mainly studied the adversarial attack to the vision-based systems, such as fingerprint and face recognition. While the attack for speech-based systems has not been well studied yet, although it has been widely used in our daily life. In this article, we attempt to fool the state-of-the-art speaker recognition model and present speaker recognition attacker, a lightweight multi-layer convolutional neural network to fool the well-trained state-of-the-art speaker recognition model by adding imperceptible perturbations onto the raw speech waveform. We find that the speaker recognition system is vulnerable to the adversarial attack, and achieve a high success rate on both the non-targeted attack and targeted attack. Besides, we present an effective method by leveraging a pretrained phoneme recognition model to optimize the speaker recognition attacker to obtain a tradeoff between the attack success rate and the perceptual quality. Experimental results on the TIMIT and LibriSpeech datasets demonstrate the effectiveness and efficiency of our proposed model. And the experiments for frequency analysis indicate that high-frequency attack is more effective than low-frequency attack, which is different from the conclusion drawn in previous image-based works. Additionally, the ablation study gives more insights into our model. |
| 关键词 | Audio forensics adversarial attack deep neural network |
| DOI | 10.1145/3468673 |
| 收录类别 | SCI |
| 语种 | 英语 |
| 资助项目 | National Science Foundation of China[62025101620] ; National Science Foundation of China[61961130392] ; PKU-Baidu Fund[2019BD003] ; High-performance Computing Platform of Peking University |
| WOS研究方向 | Computer Science |
| WOS类目 | Computer Science, Information Systems ; Computer Science, Software Engineering ; Computer Science, Theory & Methods |
| WOS记录号 | WOS:000738280600011 |
| 出版者 | ASSOC COMPUTING MACHINERY |
| 引用统计 | |
| 文献类型 | 期刊论文 |
| 条目标识符 | http://119.78.100.204/handle/2XEOYT63/18369 |
| 专题 | 中国科学院计算技术研究所期刊论文_英文 |
| 通讯作者 | Ma, Siwei |
| 作者单位 | 1.Chinese Acad Sci, Inst Comp Technol, 6 Kexueyuan South Rd, Beijing 100190, Peoples R China 2.Univ Chinese Acad Sci, 6 Kexueyuan South Rd, Beijing 100190, Peoples R China 3.Univ Chinese Acad Sci, 19A Yuquan Rd, Beijing 100049, Peoples R China 4.Bytedance Inc, 48A Zhichun Rd, Beijing 100191, Peoples R China 5.Peking Univ, 5 Yiheyuan Rd, Beijing 100871, Peoples R China |
| 推荐引用方式 GB/T 7714 | Li, Jiguo,Zhang, Xinfeng,Xu, Jizheng,et al. Learning to Fool the Speaker Recognition[J]. ACM TRANSACTIONS ON MULTIMEDIA COMPUTING COMMUNICATIONS AND APPLICATIONS,2021,17(3):21. |
| APA | Li, Jiguo,Zhang, Xinfeng,Xu, Jizheng,Ma, Siwei,&Gao, Wen.(2021).Learning to Fool the Speaker Recognition.ACM TRANSACTIONS ON MULTIMEDIA COMPUTING COMMUNICATIONS AND APPLICATIONS,17(3),21. |
| MLA | Li, Jiguo,et al."Learning to Fool the Speaker Recognition".ACM TRANSACTIONS ON MULTIMEDIA COMPUTING COMMUNICATIONS AND APPLICATIONS 17.3(2021):21. |
| 条目包含的文件 | 条目无相关文件。 | |||||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论