ENJ: Optimizing Noise with Genetic Algorithms to Jailbreak LSMs
This research addresses security risks for users of LSMs by revealing noise's dual role in speech security, though it is incremental as it builds on existing adversarial attack methods with a novel optimization approach.
The paper tackled the challenge of balancing effectiveness and stealth in speech adversarial attacks on Large Speech Models (LSMs) by proposing Evolutionary Noise Jailbreak (ENJ), which uses genetic algorithms to optimize environmental noise for jailbreaking, resulting in significantly superior attack effectiveness compared to existing baseline methods in experiments on multiple mainstream speech models.
The widespread application of Large Speech Models (LSMs) has made their security risks increasingly prominent. Traditional speech adversarial attack methods face challenges in balancing effectiveness and stealth. This paper proposes Evolutionary Noise Jailbreak (ENJ), which utilizes a genetic algorithm to transform environmental noise from a passive interference into an actively optimizable attack carrier for jailbreaking LSMs. Through operations such as population initialization, crossover fusion, and probabilistic mutation, this method iteratively evolves a series of audio samples that fuse malicious instructions with background noise. These samples sound like harmless noise to humans but can induce the model to parse and execute harmful commands. Extensive experiments on multiple mainstream speech models show that ENJ's attack effectiveness is significantly superior to existing baseline methods. This research reveals the dual role of noise in speech security and provides new critical insights for model security defense in complex acoustic environments.