Skip to main content
SpringerLink
Log in

Enhancing Transferability of Adversarial Audio in Speaker Recognition Systems

  • Conference paper
  • First Online:
Pattern Recognition and Image Analysis (IbPRIA 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14062))

Included in the following conference series:

Abstract

Although deep neural networks have demonstrated state-of-the-art performance in several tasks such as speaker recognition among others, they are highly vulnerable to adversarial attacks. These attacks involve the transformation of the original speech signal in order to fool the trained model with minimal alteration in the auditory perception. These attacks have been shown to succeed in white-box settings, however, they are less likely to succeed in a realistic black-box setting. However, it is imperative to investigate the extent of the threat posed by transferability of such attacks to target models to strengthen the defense against them. Therefore, in this work, to enhance the transferability of adversarial examples in black-box setting, the source model’s architecture has been minimally modified. Particularly, by skipping selected ReLU activation functions during backpropagation. Experiments on the VoxCeleb dataset resulted in average transferability of 18.7% and 20.5% on two target models.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Singh, N., Agrawal, A., Khan, R.: Voice biometric: a technology for voice based authentication. Adv. Sci. Eng. Med. 10(7–8), 754–759 (2018)

    Article  Google Scholar 

  2. Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples, ArXiv Preprint ArXiv:1412.6572 (2014)

  3. Moosavi-Dezfooli, S.-M., Fawzi, A., Frossard, P.: DeepFool: a simple and accurate method to fool deep neural networks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 2574–2582 (2016)

    Google Scholar 

  4. Shamsabadi, A.S., Teixeira, F.S., Abad, A., Raj, B., Cavallaro, A., Trancoso, I.: FoolHD: fooling speaker identification by highly imperceptible adversarial disturbances. In: IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 6159–6163 (2021)

    Google Scholar 

  5. Kreuk, F., Adi, Y., Cisse, M., Keshet, J.: Fooling end-to-end speaker verification with adversarial examples. In: IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 1962–1966 (2018)

    Google Scholar 

  6. Wang, Q., Guo, P., Xie, L.: Inaudible adversarial perturbations for targeted attack in speaker recognition. ArXiv Preprint ArXiv:2005.10637 (2020)

  7. Chen, G., et al.: Who is real bob? Adversarial attacks on speaker recognition systems. In: IEEE Symposium on Security and Privacy (SP), pp. 694–711 (2021)

    Google Scholar 

  8. Miyato, T., Dai, A.M., Goodfellow, I.: Adversarial training methods for semi-supervised text classification. ArXiv Preprint ArXiv:1605.07725 (2016)

  9. Liang, B., Li, H., Su, M., Bian, P., Li, X., Shi, W.: Deep text classification can be fooled. ArXiv Preprint ArXiv:1704.08006 (2017)

  10. Vakhshiteh, F., Nickabadi, A., Ramachandra, R.: Adversarial attacks against face recognition: a comprehensive study. IEEE Access 9, 92735–92756 (2021)

    Article  Google Scholar 

  11. Guo, Y., Li, Q., Chen, H.: Backpropagating linearly improves transferability of adversarial examples. Adv. Neural. Inf. Process. Syst. 33, 85–95 (2020)

    MathSciNet  Google Scholar 

  12. Papernot, N., McDaniel, P., Goodfellow, I.: Transferability in machine learning: from phenomena to black-box attacks using adversarial samples. ArXiv Preprint ArXiv:1605.07277 (2016)

  13. Jiang, W., He, Z., Zhan, J., Pan, W., Adhikari, D.: Research progress and challenges on application-driven adversarial examples: a survey. ACM Trans. Cyber-Phys. Syst. (TCPS) 5(4), 1–25 (2021)

    Article  Google Scholar 

  14. Zhang, J., et al.: NMI-FGSM-Tri: an efficient and targeted method for generating adversarial examples for speaker recognition. In: 7th IEEE International Conference on Data Science in Cyberspace (DSC), pp. 167–174 (2022)

    Google Scholar 

  15. Tan, H., Gu, Z., Wang, L., Zhang, H., Gupta, B.B., Tian, Z.: Improving adversarial transferability by temporal and spatial momentum in urban speaker recognition systems. Comput. Electr. Eng. 104, 108446 (2022)

    Article  Google Scholar 

  16. Abdullah, H., Karlekar, A., Bindschaedler, V., Traynor, P.: Demystifying limited adversarial transferability in automatic speech recognition systems. In: International Conference on Learning Representations (ICLR) (2021)

    Google Scholar 

  17. Xie, Y., Li, Z., Shi, C., Liu, J., Chen, Y., Yuan, B.: Real-time, robust and adaptive universal adversarial attacks against speaker recognition systems. J. Sign. Proc. Syst. 93, 1–14 (2021). https://doi.org/10.1007/s11265-020-01629-9

    Article  Google Scholar 

  18. Zhang, Y., Jiang, Z., Villalba, J., Dehak, N.: Black-box attacks on spoofing countermeasures using transferability of adversarial examples. In: Interspeech, pp. 4238–4242 (2020)

    Google Scholar 

  19. Li, X., Zhong, J., Wu, X., Yu, J., Liu, X., Meng, H.: Adversarial attacks on GMM i-vector based speaker verification systems. In: IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 6579–6583 (2020)

    Google Scholar 

  20. Desplanques, B., Thienpondt, J., Demuynck, K.: ECAPA-TDNN: emphasized channel attention, propagation and aggregation in TDNN based speaker verification. ArXiv Preprint ArXiv:2005.07143 (2020)

  21. Shah, M., Mandal, S., Bhilare, S., Dhirubhai, A.H.: Increasing transferability by imposing linearity and perturbation in intermediate layer with diverse input patterns. In: IEEE International Conference on Signal Processing and Communications (SPCOM), pp. 1–5 (2022)

    Google Scholar 

  22. Kreuk, F., Adi, Y., Raj, B., Singh, R., Keshet, J.: Hide and speak: towards deep neural networks for speech steganography. ArXiv Preprint ArXiv:1902.03083 (2019)

  23. Yu, Y.-Q., Li, W.-J.: Densely connected time delay neural network for speaker verification. In: Interspeech, pp. 921–925 (2020)

    Google Scholar 

  24. Nagrani, A., Chung, J.S., Zisserman, A.: VoxCeleb: a large-scale speaker identification dataset. ArXiv Preprint ArXiv:1706.08612 (2017)

Download references

Author information

Authors and Affiliations

  1. Dhirubhai Ambani Institute of Information and Communication Technology, Gandhinagar, Gujarat, India

    Umang Patel & Shruti Bhilare

  2. NIT Tiruchirappalli, Tiruchirappalli, India

    Avik Hati

Authors
  1. Umang Patel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shruti Bhilare
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Avik Hati
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Umang Patel .

Editor information

Editors and Affiliations

  1. University of Alicante, Alicante, Spain

    Antonio Pertusa

  2. University of Alicante, Alicante, Spain

    Antonio Javier Gallego

  3. Universitat Politècnica de València, Valencia, Spain

    Joan Andreu Sánchez

  4. IPO Porto, Coimbra, Portugal

    Inês Domingues

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Patel, U., Bhilare, S., Hati, A. (2023). Enhancing Transferability of Adversarial Audio in Speaker Recognition Systems. In: Pertusa, A., Gallego, A.J., Sánchez, J.A., Domingues, I. (eds) Pattern Recognition and Image Analysis. IbPRIA 2023. Lecture Notes in Computer Science, vol 14062. Springer, Cham. https://doi.org/10.1007/978-3-031-36616-1_49

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-36616-1_49

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-36615-4

  • Online ISBN: 978-3-031-36616-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation