Practical adversarial attacks against speaker recognition systems

Zhuohang Li, Cong Shi, Yi Xie, Jian Liu, Bo Yuan, Yingying Chen

Research output: Chapter in Book/Report/Conference proceedingConference contribution

55 Scopus citations

Abstract

Unlike other biometric-based user identification methods (e.g., fingerprint and iris), speaker recognition systems can identify individuals relying on their unique voice biometrics without requiring users to be physically present. Therefore, speaker recognition systems have been becoming increasingly popular recently in various domains, such as remote access control, banking services and criminal investigation. In this paper, we study the vulnerability of this kind of systems by launching a practical and systematic adversarial attack against X-vector, the state-of-the-art deep neural network (DNN) based speaker recognition system. In particular, by adding a well-crafted inconspicuous noise to the original audio, our attack can fool the speaker recognition system to make false predictions and even force the audio to be recognized as any adversary-desired speaker. Moreover, our attack integrates the estimated room impulse response (RIR) into the adversarial example training process toward practical audio adversarial examples which could remain effective while being played over the air in the physical world. Extensive experiment using a public dataset of 109 speakers shows the effectiveness of our attack with a high attack success rate for both digital attack (98%) and practical over-the-air attack (50%).

Original languageEnglish (US)
Title of host publicationHotMobile 2020 - Proceedings of the 21st International Workshop on Mobile Computing Systems and Applications
PublisherAssociation for Computing Machinery, Inc
Pages9-14
Number of pages6
ISBN (Electronic)9781450371162
DOIs
StatePublished - Mar 3 2020
Externally publishedYes
Event21st International Workshop on Mobile Computing Systems and Applications, HotMobile 2020 - Austin, United States
Duration: Mar 3 2020Mar 4 2020

Publication series

NameHotMobile 2020 - Proceedings of the 21st International Workshop on Mobile Computing Systems and Applications

Conference

Conference21st International Workshop on Mobile Computing Systems and Applications, HotMobile 2020
Country/TerritoryUnited States
CityAustin
Period3/3/203/4/20

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Science Applications

Keywords

  • Adversarial Example
  • Deep Learning
  • Room Impulse Response
  • Speaker Recognition

Fingerprint

Dive into the research topics of 'Practical adversarial attacks against speaker recognition systems'. Together they form a unique fingerprint.

Cite this