Title | Backdoor Attack Against Speaker Verification |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Zhai, Tongqing, Li, Yiming, Zhang, Ziqi, Wu, Baoyuan, Jiang, Yong, Xia, Shu-Tao |
Conference Name | ICASSP 2021 - 2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) |
Keywords | AI Poisoning, AI security, Backdoor Attack, Data models, Deep Learning, Human Behavior, Internet, Mission critical systems, pubcrawl, resilience, Resiliency, Robustness, Scalability, Signal processing, speaker verification, Training, Training data |
Abstract | Speaker verification has been widely and successfully adopted in many mission-critical areas for user identification. The training of speaker verification requires a large amount of data, therefore users usually need to adopt third-party data (e.g., data from the Internet or third-party data company). This raises the question of whether adopting untrusted third-party data can pose a security threat. In this paper, we demonstrate that it is possible to inject the hidden backdoor for infecting speaker verification models by poisoning the training data. Specifically, we design a clustering-based attack scheme where poisoned samples from different clusters will contain different triggers (i.e., pre-defined utterances), based on our understanding of verification tasks. The infected models behave normally on benign samples, while attacker-specified unenrolled triggers will successfully pass the verification even if the attacker has no information about the enrolled speaker. We also demonstrate that existing backdoor attacks cannot be directly adopted in attacking speaker verification. Our approach not only provides a new perspective for designing novel attacks, but also serves as a strong baseline for improving the robustness of verification methods. The code for reproducing main results is available at https://github.com/zhaitongqing233/Backdoor-attack-against-speaker-verification. |
DOI | 10.1109/ICASSP39728.2021.9413468 |
Citation Key | zhai_backdoor_2021 |