Privacy Attacks For Automatic Speech Recognition Acoustic Models In A Federated Learning Framework

Abstract

This paper investigates methods to effectively retrieve speaker information from the personalized speaker adapted neural network acoustic models (AMs) in automatic speech recognition (ASR). This problem is especially important in the context of federated learning of ASR acoustic models where a global model is learnt on the server based on the updates received from multiple clients. We propose an approach to analyze information in neural network AMs based on a neural network footprint on the so-called Indicator dataset. Using this method, we develop two attack models that aim to infer speaker identity from the updated personalized models without access to the actual users' speech data. Experiments on the TED-LIUM 3 corpus demonstrate that the proposed approaches are very effective and can provide equal error rate (EER) of 1-2%.

Stats

• citations16
• S2 citations—
• github stars0
• HF likes0
• heat score9.23
• arxiv keytomashenko2021privacy

Related papers

• Retrieving Speaker Information From Personalized Acoustic Models For Speech Recognition (2021)5.84
• On-device Speaker Anonymization Of Acoustic Embeddings For ASR Based Onflexible Location Gradient Reversal Layer (2023)0.00
• Private Language Model Adaptation For Speech Recognition (2021)0.00
• Language-independent Speaker Anonymization Approach Using Self-supervised Pre-trained Models (2022)9.92
• Federated Marginal Personalization For ASR Rescoring (2020)2.26
• Communication-efficient Personalized Federated Learning For Speech-to-text Tasks (2024)7.81
• A Highly Adaptive Acoustic Model For Accurate Multi-dialect Speech Recognition (2022)10.85
• A Method To Reveal Speaker Identity In Distributed ASR Training, And How To Counter It (2021)5.84