PBSM: Backdoor attack against Keyword spotting based on pitch boosting and sound masking

Add code
Nov 16, 2022
Hanbo Cai, Pengcheng Zhang, Hai Dong, Yan Xiao, Shunhui Ji
Figure 1 for PBSM: Backdoor attack against Keyword spotting based on pitch boosting and sound masking
Figure 2 for PBSM: Backdoor attack against Keyword spotting based on pitch boosting and sound masking
Figure 3 for PBSM: Backdoor attack against Keyword spotting based on pitch boosting and sound masking

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

Keyword spotting (KWS) has been widely used in various speech control scenarios. The training of KWS is usually based on deep neural networks and requires a large amount of data. Manufacturers often use third-party data to train KWS. However, deep neural networks are not sufficiently interpretable to manufacturers, and attackers can manipulate third-party training data to plant backdoors during the model training. An effective backdoor attack can force the model to make specified judgments under certain conditions, i.e., triggers. In this paper, we design a backdoor attack scheme based on Pitch Boosting and Sound Masking for KWS, called PBSM. Experimental results demonstrated that PBSM is feasible to achieve an average attack success rate close to 90% in three victim models when poisoning less than 1% of the training data.

* 5 pages, 4 figures  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon