Backdoor Defence for Voice Print Recognition Model Based on Speech Enhancement and Weight Pruning
Voice print recognition is one of the most mature biometric authentication technologies, and the application of deep neural networks (DNNs) has led to a significant improvement in the accuracy of voice print recognition. However, DNN models can be attacked by backdoor attackers, which poses a seriou...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2022-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/9930770/ |
| _version_ | 1797988954614530048 |
|---|---|
| author | Jiawei Zhu Lin Chen Dongwei Xu Wenhong Zhao |
| author_facet | Jiawei Zhu Lin Chen Dongwei Xu Wenhong Zhao |
| author_sort | Jiawei Zhu |
| collection | DOAJ |
| description | Voice print recognition is one of the most mature biometric authentication technologies, and the application of deep neural networks (DNNs) has led to a significant improvement in the accuracy of voice print recognition. However, DNN models can be attacked by backdoor attackers, which poses a serious threat to the security of model for voice print recognition. In this paper, a method is proposed for backdoor defence of voice print recognition model based on speech enhancement and weight pruning. Firstly, input samples are perturbed by superimposing various speech patterns, and the backdoor samples are determined based on the randomness (entropy value) of the prediction classes with perturbed inputs from a given deployment model (malicious or benign). Secondly, the backdoor samples are fed into a network (Deep Complex Convolution Recurrent Network) dedicated for speech enhancement, with which the backdoor samples can be denoised by removing the backdoor noise. Finally, the model is pruned using an automatic progressive weight pruning algorithm, which can avoid the accuracy degradation caused by neurons pruning. Experimental results on the AISHELL speech dataset show that the method not only reduces the success rate of backdoor attacks, but also greatly realizes the purification of the backdoor samples. |
| first_indexed | 2024-04-11T08:12:31Z |
| format | Article |
| id | doaj.art-6c9e16c246db497e98dbcca3b6ae2e15 |
| institution | Directory Open Access Journal |
| issn | 2169-3536 |
| language | English |
| last_indexed | 2024-04-11T08:12:31Z |
| publishDate | 2022-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj.art-6c9e16c246db497e98dbcca3b6ae2e152022-12-22T04:35:18ZengIEEEIEEE Access2169-35362022-01-011011401611402310.1109/ACCESS.2022.32173229930770Backdoor Defence for Voice Print Recognition Model Based on Speech Enhancement and Weight PruningJiawei Zhu0Lin Chen1https://orcid.org/0000-0001-9805-3466Dongwei Xu2https://orcid.org/0000-0003-2693-922XWenhong Zhao3Science and Technology on Communication Information Security Control Laboratory, Jiaxing, ChinaInstitute of Cyberspace Security, Zhejiang University of Technology, Hangzhou, ChinaInstitute of Cyberspace Security, Zhejiang University of Technology, Hangzhou, ChinaSchool of Information Engineering, Jiaxing Nanhu University, Jiaxing, ChinaVoice print recognition is one of the most mature biometric authentication technologies, and the application of deep neural networks (DNNs) has led to a significant improvement in the accuracy of voice print recognition. However, DNN models can be attacked by backdoor attackers, which poses a serious threat to the security of model for voice print recognition. In this paper, a method is proposed for backdoor defence of voice print recognition model based on speech enhancement and weight pruning. Firstly, input samples are perturbed by superimposing various speech patterns, and the backdoor samples are determined based on the randomness (entropy value) of the prediction classes with perturbed inputs from a given deployment model (malicious or benign). Secondly, the backdoor samples are fed into a network (Deep Complex Convolution Recurrent Network) dedicated for speech enhancement, with which the backdoor samples can be denoised by removing the backdoor noise. Finally, the model is pruned using an automatic progressive weight pruning algorithm, which can avoid the accuracy degradation caused by neurons pruning. Experimental results on the AISHELL speech dataset show that the method not only reduces the success rate of backdoor attacks, but also greatly realizes the purification of the backdoor samples.https://ieeexplore.ieee.org/document/9930770/Backdoor defencespeech enhancementweight pruning |
| spellingShingle | Jiawei Zhu Lin Chen Dongwei Xu Wenhong Zhao Backdoor Defence for Voice Print Recognition Model Based on Speech Enhancement and Weight Pruning IEEE Access Backdoor defence speech enhancement weight pruning |
| title | Backdoor Defence for Voice Print Recognition Model Based on Speech Enhancement and Weight Pruning |
| title_full | Backdoor Defence for Voice Print Recognition Model Based on Speech Enhancement and Weight Pruning |
| title_fullStr | Backdoor Defence for Voice Print Recognition Model Based on Speech Enhancement and Weight Pruning |
| title_full_unstemmed | Backdoor Defence for Voice Print Recognition Model Based on Speech Enhancement and Weight Pruning |
| title_short | Backdoor Defence for Voice Print Recognition Model Based on Speech Enhancement and Weight Pruning |
| title_sort | backdoor defence for voice print recognition model based on speech enhancement and weight pruning |
| topic | Backdoor defence speech enhancement weight pruning |
| url | https://ieeexplore.ieee.org/document/9930770/ |
| work_keys_str_mv | AT jiaweizhu backdoordefenceforvoiceprintrecognitionmodelbasedonspeechenhancementandweightpruning AT linchen backdoordefenceforvoiceprintrecognitionmodelbasedonspeechenhancementandweightpruning AT dongweixu backdoordefenceforvoiceprintrecognitionmodelbasedonspeechenhancementandweightpruning AT wenhongzhao backdoordefenceforvoiceprintrecognitionmodelbasedonspeechenhancementandweightpruning |