PBSM: Backdoor attack against Keyword spotting based on pitch boosting and sound masking
This addresses a security problem for manufacturers using third-party data in speech control systems, representing a novel method for a known bottleneck.
The paper tackles the vulnerability of keyword spotting (KWS) systems to backdoor attacks by proposing PBSM, a method using pitch boosting and sound masking, which achieves an average attack success rate close to 90% with less than 1% poisoned training data.
Keyword spotting (KWS) has been widely used in various speech control scenarios. The training of KWS is usually based on deep neural networks and requires a large amount of data. Manufacturers often use third-party data to train KWS. However, deep neural networks are not sufficiently interpretable to manufacturers, and attackers can manipulate third-party training data to plant backdoors during the model training. An effective backdoor attack can force the model to make specified judgments under certain conditions, i.e., triggers. In this paper, we design a backdoor attack scheme based on Pitch Boosting and Sound Masking for KWS, called PBSM. Experimental results demonstrated that PBSM is feasible to achieve an average attack success rate close to 90% in three victim models when poisoning less than 1% of the training data.