Phoneme Segmentation Based Backdoor Attack Against Speech Recognition as a Service
摘要
With the continuous development of deep learning in the field of speech, intelligent applications such as speech recognition have become indispensable in human life. But the training of high-performance speech recognition models requires extensive hardware resources, making the constructed models likely to be deployed as services. Some research has shown that speech recognition services are vulnerable to backdoor attacks, where adversaries poison the training process to implant malicious behavior into the service. Research on backdoor attack methods not only helps reveal potential security risks, but also provides valuable insights for developing effective defense mechanisms. However, current backdoor attacks targeting speech recognition still face the issue of the trigger design being insufficiently stealthy. To address the problem, we propose a phoneme segmentation based backdoor attack method. Firstly, we segment audio samples at the phoneme level and enhance the amplitude of phoneme segments. Then, the frequency intensity is calculated to select the optimal frequency for embedding trigger. Finally, we generate a pure tone trigger with the optimal frequency, which is masked within the amplitude-enhanced regions, enhancing stealthiness by blending the trigger with natural variations in speech. The experimental results show that our method achieves an attack success rate greater than 94% at a poisoning rate of 1%, along with an improvement of 12.5% in stealthiness compared to the best baseline.