pith. sign in

arxiv: 2212.10103 · v1 · pith:2OZTWF6Vnew · submitted 2022-12-20 · 💻 cs.SD · cs.AI· cs.CR· cs.LG· eess.AS

VSVC: Backdoor attack against Keyword Spotting based on Voiceprint Selection and Voice Conversion

classification 💻 cs.SD cs.AIcs.CRcs.LGeess.AS
keywords attacktrainingbackdoordatavoicevsvcconversionkeyword
0
0 comments X
read the original abstract

Keyword spotting (KWS) based on deep neural networks (DNNs) has achieved massive success in voice control scenarios. However, training of such DNN-based KWS systems often requires significant data and hardware resources. Manufacturers often entrust this process to a third-party platform. This makes the training process uncontrollable, where attackers can implant backdoors in the model by manipulating third-party training data. An effective backdoor attack can force the model to make specified judgments under certain conditions, i.e., triggers. In this paper, we design a backdoor attack scheme based on Voiceprint Selection and Voice Conversion, abbreviated as VSVC. Experimental results demonstrated that VSVC is feasible to achieve an average attack success rate close to 97% in four victim models when poisoning less than 1% of the training data.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Pmeta-TLA: Backdoor Attacks for Speech Classification Models via Meta-Learning with Timbre Leakage Attack

    cs.CR 2026-07 unverdicted novelty 5.0

    Pmeta-TLA combines a frame-level timbre leakage trigger with meta-learning and PCGrad to inject multiple backdoors into speech models in one training run, claiming better attack success, stealth, and lower cost than b...