eduzhai > Applied Sciences > Engineering >

Adversarial Attack and Defense Strategies for Deep Speaker Recognition Systems

  • king
  • (0) Download
  • 20210506
  • Save

... pages left unread,continue reading

Document pages: 14 pages

Abstract: Robust speaker recognition, including in the presence of malicious attacks,is becoming increasingly important and essential, especially due to theproliferation of several smart speakers and personal agents that interact withan individual s voice commands to perform diverse, and even sensitive tasks.Adversarial attack is a recently revived domain which is shown to be effectivein breaking deep neural network-based classifiers, specifically, by forcingthem to change their posterior distribution by only perturbing the inputsamples by a very small amount. Although, significant progress in this realmhas been made in the computer vision domain, advances within speakerrecognition is still limited. The present expository paper considers severalstate-of-the-art adversarial attacks to a deep speaker recognition system,employing strong defense methods as countermeasures, and reporting on severalablation studies to obtain a comprehensive understanding of the problem. Theexperiments show that the speaker recognition systems are vulnerable toadversarial attacks, and the strongest attacks can reduce the accuracy of thesystem from 94 to even 0 . The study also compares the performances of theemployed defense methods in detail, and finds adversarial training based onProjected Gradient Descent (PGD) to be the best defense method in our setting.We hope that the experiments presented in this paper provide baselines that canbe useful for the research community interested in further studying adversarialrobustness of speaker recognition systems.

Please select stars to rate!

         

0 comments Sign in to leave a comment.

    Data loading, please wait...
×