Multi-Target Backdoor Attacks Against Speaker Recognition
This work addresses security vulnerabilities in speaker recognition systems, presenting a more realistic and scalable attack scenario compared to previous single-target methods.
The paper tackles the problem of backdoor attacks in speaker recognition by proposing a multi-target attack using clicking sounds as triggers, achieving success rates up to 95.04% for speaker identification and up to 90% for speaker verification under specific conditions.
In this work, we propose a multi-target backdoor attack against speaker identification using position-independent clicking sounds as triggers. Unlike previous single-target approaches, our method targets up to 50 speakers simultaneously, achieving success rates of up to 95.04%. To simulate more realistic attack conditions, we vary the signal-to-noise ratio between speech and trigger, demonstrating a trade-off between stealth and effectiveness. We further extend the attack to the speaker verification task by selecting the most similar training speaker - based on cosine similarity - as a proxy target. The attack is most effective when target and enrolled speaker pairs are highly similar, reaching success rates of up to 90% in such cases.