We found a match
Your institution may have rights to this item. Sign in to continue.
- Title
DriNet: Dynamic Backdoor Attack against Automatic Speech Recognization Models.
- Authors
Ye, Jianbin; Liu, Xiaoyuan; You, Zheng; Li, Guowei; Liu, Bo
- Abstract
Automatic speech recognition (ASR) is popular in our daily lives (e.g., via voice assistants or voice input). Once its security attributes are destroyed, it poses as a severe threat to a user's life and 'property safety'. Prior research has demonstrated that ASR systems are vulnerable to backdoor attacks. A model embedded with a backdoor behaves normally on clean samples yet misclassifies malicious samples that contain triggers. Existing backdoor attacks have mostly been conducted in the image domain. However, they can not be applied in the audio domain because of poor transferability. This paper proposes a dynamic backdoor attack method against ASR models, named DriNet. Significantly, we designed a dynamic trigger generation network to craft a variety of audio triggers. It is trained jointly with the discriminative model incorporated with an attack success rate on poisoned samples and accuracy on clean samples. We demonstrate that DriNet achieves an attack success rate of 86.4% when infecting only 0.5% of the training set without reducing its accuracy. DriNet can still achieve comparable attack performance to backdoor attacks using static triggers, further enjoying richer attack patterns. We further evaluated DriNet's resistance to a current state-of-the-art defense mechanism. The anomaly index of DriNet is more than 37.4% smaller than that of BadNets method. The triggers generated by DriNet are hard reverse, keeping DriNet from the detectors.
- Subjects
AUTOMATIC speech recognition; INTRUSION detection systems (Computer security); SPEECH perception
- Publication
Applied Sciences (2076-3417), 2022, Vol 12, Issue 12, p5786
- ISSN
2076-3417
- Publication type
Article
- DOI
10.3390/app12125786