pith. sign in

arxiv: 2211.08697 · v1 · pith:M7OE6M4Gnew · submitted 2022-11-16 · 💻 cs.SD · cs.AI· cs.CR· cs.LG· eess.AS

PBSM: Backdoor attack against Keyword spotting based on pitch boosting and sound masking

classification 💻 cs.SD cs.AIcs.CRcs.LGeess.AS
keywords attackdatatrainingbackdoorpbsmboostingdeepkeyword
0
0 comments X
read the original abstract

Keyword spotting (KWS) has been widely used in various speech control scenarios. The training of KWS is usually based on deep neural networks and requires a large amount of data. Manufacturers often use third-party data to train KWS. However, deep neural networks are not sufficiently interpretable to manufacturers, and attackers can manipulate third-party training data to plant backdoors during the model training. An effective backdoor attack can force the model to make specified judgments under certain conditions, i.e., triggers. In this paper, we design a backdoor attack scheme based on Pitch Boosting and Sound Masking for KWS, called PBSM. Experimental results demonstrated that PBSM is feasible to achieve an average attack success rate close to 90% in three victim models when poisoning less than 1% of the training data.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Pmeta-TLA: Backdoor Attacks for Speech Classification Models via Meta-Learning with Timbre Leakage Attack

    cs.CR 2026-07 unverdicted novelty 5.0

    Pmeta-TLA combines a frame-level timbre leakage trigger with meta-learning and PCGrad to inject multiple backdoors into speech models in one training run, claiming better attack success, stealth, and lower cost than b...