Breaking Speaker Recognition with Paddingback

Machine Learning as a Service (MLaaS) has gained popularity due to advancements in Deep Neural Networks (DNNs). However, untrusted third-party platforms have raised concerns about AI security, particularly in backdoor attacks. Recent research has shown that speech backdoors can utilize transformatio...

Full description

Saved in:
Bibliographic Details
Main Authors: Ye, Zhe, Yan, Diqun, Dong, Li, Shen, Kailai
Format: Conference Proceeding
Language:English
Subjects:
backdoor attacks
Ear
Machine learning
MLaaS
PaddingBack
Perturbation methods
Rendering (computer graphics)
Resists
Signal processing
Speech recognition
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Machine Learning as a Service (MLaaS) has gained popularity due to advancements in Deep Neural Networks (DNNs). However, untrusted third-party platforms have raised concerns about AI security, particularly in backdoor attacks. Recent research has shown that speech backdoors can utilize transformations as triggers, similar to image backdoors. However, human ears can easily be aware of these transformations, leading to suspicion. In this paper, we propose PaddingBack, an inaudible backdoor attack that utilizes malicious operations to generate poisoned samples, rendering them indistinguishable from clean ones. Instead of using external perturbations as triggers, we exploit the widely-used speech signal operation, padding, to break speaker recognition systems. Experimental results demonstrate the effectiveness of our method, achieving a significant attack success rate while retaining benign accuracy. Furthermore, Padding-Back demonstrates the ability to resist defense methods and maintain its stealthiness against human perception.
ISSN:2379-190X
DOI:10.1109/ICASSP48485.2024.10448169