Who Is Real Bob? Adversarial Attacks On Speaker Recognition Systems
2019 Β· Guangke Chen, Sen Chen, Lingling Fan, et al.
Abstract
Speaker recognition (SR) is widely used in our daily life as a biometric authentication or identification mechanism. The popularity of SR brings in serious security concerns, as demonstrated by recent adversarial attacks. However, the impacts of such threats in the practical black-box setting are still open, since current attacks consider the white-box setting only. In this paper, we conduct the first comprehensive and systematic study of the adversarial attacks on SR systems (SRSs) to understand their security weakness in the practical blackbox setting. For this purpose, we propose an adversarial attack, named FAKEBOB, to craft adversarial samples. Specifically, we formulate the adversarial sample generation as an optimization problem, incorporated with the confidence of adversarial samples and maximal distortion to balance between the strength and imperceptibility of adversarial voices. One key contribution is to propose a novel algorithm to estimate the score threshold, a feature in
Authors
(none)
Tags
Stats
Related papers
- Adversarial Attack And Defense Strategies For Deep Speaker Recognition Systems (2020)13.39
- Towards Understanding And Mitigating Audio Adversarial Examples For Speaker Recognition (2022)11.67
- QFA2SR: Query-free Adversarial Transfer Attacks To Speaker Recognition Systems (2023)0.00
- Inaudible Adversarial Perturbations For Targeted Attack In Speaker Recognition (2020)12.33
- SLMIA-SR: Speaker-level Membership Inference Attacks Against Speaker Recognition Systems (2023)6.77
- Adversarial Defense For Deep Speaker Recognition Using Hybrid Adversarial Training (2020)9.59
- Diffattack: Diffusion-based Timbre-reserved Adversarial Attack In Speaker Identification (2025)0.00
- Adversarial Sample Detection For Speaker Verification By Neural Vocoders (2021)0.00