Stealthy Backdoor Attack Against Speaker Recognition Using Phase-Injection Hidden Trigger

Ye, Z; Yan, D; Dong, L; Deng, J; Yu, S

Stealthy Backdoor Attack Against Speaker Recognition Using Phase-Injection Hidden Trigger

Ye, Z Yan, D Dong, L Deng, J Yu, S

Permalink

Publisher:: IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
Publication Type:: Journal Article
Citation:: IEEE Signal Processing Letters, 2023, 30, pp. 1057-1061
Issue Date:: 2023-01-01

Closed Access

	Filename	Description	Size
	Stealthy_Backdoor_Attack_Against_Speaker_Recognition_Using_Phase-Injection_Hidden_Trigger.pdf	Published version	1.38 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Ye, Z
dc.contributor.author	Yan, D
dc.contributor.author	Dong, L
dc.contributor.author	Deng, J
dc.contributor.author	Yu, S https://orcid.org/0000-0003-4485-6743
dc.date.accessioned	2024-03-12T04:31:04Z
dc.date.available	2024-03-12T04:31:04Z
dc.date.issued	2023-01-01
dc.identifier.citation	IEEE Signal Processing Letters, 2023, 30, pp. 1057-1061
dc.identifier.issn	1070-9908
dc.identifier.issn	1558-2361
dc.identifier.uri	http://hdl.handle.net/10453/176571
dc.description.abstract	Deep learning has achieved significant breakthroughs in speaker recognition, driven by continual advancements in foundation models. However, malicious third-party platforms have introduced a severe security concern through backdoor attacks, in which attackers can manipulate a model to output a specific label by implanting a trigger. Existing speech backdoor attack methods typically utilize fixed and unnoticeable perturbations as triggers, but these may still be audible and thus detected during training and inference stages. To overcome this limitation, we propose a novel backdoor attack paradigm (PhaseBack) injecting triggers in the phase spectrum. PhaseBack exhibits sufficient stealth by leveraging the fact that the human ear is insensitive to phase information. Besides, injecting partial perturbations in the frequency domain results in global perturbations throughout the time domain, making the attack more effective. Extensive experiments on the Voxceleb1 dataset demonstrate the effectiveness and stealthiness of PhaseBack. Moreover, it has strong resistance to bypass several defense methods.
dc.language	English
dc.publisher	IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
dc.relation.ispartof	IEEE Signal Processing Letters
dc.relation.isbasedon	10.1109/LSP.2023.3293429
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject	0801 Artificial Intelligence and Image Processing, 0906 Electrical and Electronic Engineering, 1005 Communications Technologies
dc.subject.classification	Networking & Telecommunications
dc.subject.classification	4006 Communications engineering
dc.subject.classification	4009 Electronics, sensors and digital hardware
dc.subject.classification	4603 Computer vision and multimedia computation
dc.title	Stealthy Backdoor Attack Against Speaker Recognition Using Phase-Injection Hidden Trigger
dc.type	Journal Article
utslib.citation.volume	30
utslib.for	0801 Artificial Intelligence and Image Processing
utslib.for	0906 Electrical and Electronic Engineering
utslib.for	1005 Communications Technologies
pubs.organisational-group	University of Technology Sydney
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
pubs.organisational-group	University of Technology Sydney/Strength - CCSP - Centre for Cyber Security and Privacy
utslib.copyright.status	closed_access	*
dc.date.updated	2024-03-12T04:31:04Z
pubs.publication-status	Published
pubs.volume	30

Abstract:

Deep learning has achieved significant breakthroughs in speaker recognition, driven by continual advancements in foundation models. However, malicious third-party platforms have introduced a severe security concern through backdoor attacks, in which attackers can manipulate a model to output a specific label by implanting a trigger. Existing speech backdoor attack methods typically utilize fixed and unnoticeable perturbations as triggers, but these may still be audible and thus detected during training and inference stages. To overcome this limitation, we propose a novel backdoor attack paradigm (PhaseBack) injecting triggers in the phase spectrum. PhaseBack exhibits sufficient stealth by leveraging the fact that the human ear is insensitive to phase information. Besides, injecting partial perturbations in the frequency domain results in global perturbations throughout the time domain, making the attack more effective. Extensive experiments on the Voxceleb1 dataset demonstrate the effectiveness and stealthiness of PhaseBack. Moreover, it has strong resistance to bypass several defense methods.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/176571