Universal Adversarial Perturbations Generative Network for Speaker Recognition
This work addresses security risks in biometric systems like speaker recognition, showing incremental improvements in generating adversarial attacks.
The paper tackled the vulnerability of deep learning-based speaker recognition systems by demonstrating the existence of universal adversarial perturbations (UAPs) and proposing a generative network to synthesize these perturbations, achieving high spoofing probability on TIMIT and LibriSpeech datasets.
Attacking deep learning based biometric systems has drawn more and more attention with the wide deployment of fingerprint/face/speaker recognition systems, given the fact that the neural networks are vulnerable to the adversarial examples, which have been intentionally perturbed to remain almost imperceptible for human. In this paper, we demonstrated the existence of the universal adversarial perturbations~(UAPs) for the speaker recognition systems. We proposed a generative network to learn the mapping from the low-dimensional normal distribution to the UAPs subspace, then synthesize the UAPs to perturbe any input signals to spoof the well-trained speaker recognition model with high probability. Experimental results on TIMIT and LibriSpeech datasets demonstrate the effectiveness of our model.