Abstract
Although deep neural networks have demonstrated state-of-the-art performance in several tasks, speaker recognition among them, they are highly vulnerable to adversarial attacks. These attacks transform the original speech signal to fool the trained model with minimal alteration in auditory perception. They have been shown to succeed in white-box settings but are less likely to succeed in a realistic black-box setting. Nevertheless, it is imperative to investigate the extent of the threat posed by the transferability of such attacks to target models in order to strengthen the defense against them. Therefore, in this work, to enhance the transferability of adversarial examples in the black-box setting, the source model's architecture is minimally modified, specifically by skipping selected ReLU activation functions during backpropagation. Experiments on the VoxCeleb dataset resulted in average transferability of 18.7% and 20.5% on two target models.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Patel, U., Bhilare, S., Hati, A. (2023). Enhancing Transferability of Adversarial Audio in Speaker Recognition Systems. In: Pertusa, A., Gallego, A.J., Sánchez, J.A., Domingues, I. (eds) Pattern Recognition and Image Analysis. IbPRIA 2023. Lecture Notes in Computer Science, vol 14062. Springer, Cham. https://doi.org/10.1007/978-3-031-36616-1_49
DOI: https://doi.org/10.1007/978-3-031-36616-1_49
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-36615-4
Online ISBN: 978-3-031-36616-1
eBook Packages: Computer Science, Computer Science (R0)