English

Fake the Real: Backdoor Attack on Deep Speech Classification via Voice Conversion

Sound 2023-08-15 v1 Cryptography and Security Machine Learning Audio and Speech Processing

Abstract

Deep speech classification has achieved tremendous success and greatly promoted the emergence of many real-world applications. However, backdoor attacks present a new security threat to it, particularly with untrustworthy third-party platforms, as pre-defined triggers set by the attacker can activate the backdoor. Most of the triggers in existing speech backdoor attacks are sample-agnostic, and even if the triggers are designed to be unnoticeable, they can still be audible. This work explores a backdoor attack that utilizes sample-specific triggers based on voice conversion. Specifically, we adopt a pre-trained voice conversion model to generate the trigger, ensuring that the poisoned samples does not introduce any additional audible noise. Extensive experiments on two speech classification tasks demonstrate the effectiveness of our attack. Furthermore, we analyzed the specific scenarios that activated the proposed backdoor and verified its resistance against fine-tuning.

Keywords

Cite

@article{arxiv.2306.15875,
  title  = {Fake the Real: Backdoor Attack on Deep Speech Classification via Voice Conversion},
  author = {Zhe Ye and Terui Mao and Li Dong and Diqun Yan},
  journal= {arXiv preprint arXiv:2306.15875},
  year   = {2023}
}

Comments

Accepted by INTERSPEECH 2023

R2 v1 2026-06-28T11:16:17.995Z