With the continuous development of deep learning in the field of speech, intelligent applications such as speech recognition have become indispensable in human life. But the training of high-performance speech recognition models requires extensive hardware resources, making the constructed models likely to be deployed as services. Some research has shown that speech recognition services are vulnerable to backdoor attacks, where adversaries poison the training process to implant malicious behavior into the service. Research on backdoor attack methods not only helps reveal potential security risks, but also provides valuable insights for developing effective defense mechanisms. However, current backdoor attacks targeting speech recognition still face the issue of the trigger design being insufficiently stealthy. To address the problem, we propose a phoneme segmentation based backdoor attack method. Firstly, we segment audio samples at the phoneme level and enhance the amplitude of phoneme segments. Then, the frequency intensity is calculated to select the optimal frequency for embedding trigger. Finally, we generate a pure tone trigger with the optimal frequency, which is masked within the amplitude-enhanced regions, enhancing stealthiness by blending the trigger with natural variations in speech. The experimental results show that our method achieves an attack success rate greater than 94% at a poisoning rate of 1%, along with an improvement of 12.5% in stealthiness compared to the best baseline.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Phoneme Segmentation Based Backdoor Attack Against Speech Recognition as a Service

  • Letian Cheng,
  • Shunhui Ji,
  • Hanbo Cai,
  • Yu Shi,
  • Mengyuan Zhang

摘要

With the continuous development of deep learning in the field of speech, intelligent applications such as speech recognition have become indispensable in human life. But the training of high-performance speech recognition models requires extensive hardware resources, making the constructed models likely to be deployed as services. Some research has shown that speech recognition services are vulnerable to backdoor attacks, where adversaries poison the training process to implant malicious behavior into the service. Research on backdoor attack methods not only helps reveal potential security risks, but also provides valuable insights for developing effective defense mechanisms. However, current backdoor attacks targeting speech recognition still face the issue of the trigger design being insufficiently stealthy. To address the problem, we propose a phoneme segmentation based backdoor attack method. Firstly, we segment audio samples at the phoneme level and enhance the amplitude of phoneme segments. Then, the frequency intensity is calculated to select the optimal frequency for embedding trigger. Finally, we generate a pure tone trigger with the optimal frequency, which is masked within the amplitude-enhanced regions, enhancing stealthiness by blending the trigger with natural variations in speech. The experimental results show that our method achieves an attack success rate greater than 94% at a poisoning rate of 1%, along with an improvement of 12.5% in stealthiness compared to the best baseline.