| Summary: | Voice print recognition is one of the most mature biometric authentication technologies, and the application of deep neural networks (DNNs) has led to a significant improvement in the accuracy of voice print recognition. However, DNN models can be attacked by backdoor attackers, which poses a serious threat to the security of model for voice print recognition. In this paper, a method is proposed for backdoor defence of voice print recognition model based on speech enhancement and weight pruning. Firstly, input samples are perturbed by superimposing various speech patterns, and the backdoor samples are determined based on the randomness (entropy value) of the prediction classes with perturbed inputs from a given deployment model (malicious or benign). Secondly, the backdoor samples are fed into a network (Deep Complex Convolution Recurrent Network) dedicated for speech enhancement, with which the backdoor samples can be denoised by removing the backdoor noise. Finally, the model is pruned using an automatic progressive weight pruning algorithm, which can avoid the accuracy degradation caused by neurons pruning. Experimental results on the AISHELL speech dataset show that the method not only reduces the success rate of backdoor attacks, but also greatly realizes the purification of the backdoor samples.
|
|---|