| Summary: | With the rapid development of voice technology, speaker recognition is becoming increasingly prevalent in our daily lives. However, with its increased usage, security issues have become more apparent. The adversarial attack poses a significant security risk to the speaker recognition model by making small changes to the input and thus causing the neural network model to produce an incorrect output. Nevertheless, there are currently limited defense techniques for speaker recognition models. To this end, we propose a robust CycleGAN-L2(CYC-L2) defense method. The method automatically adjusts the size of the dataset according to the learning of the generative adversarial networks on the dataset, and uses L2 loss functions to constrain the generative adversarial networks for better and faster training. In this paper, we will compare the effectiveness of defense against white-box attacks using existing defenses and the defenses proposed. The experimental results show that our defense method not only plays a better defense effect than the other defense methods mentioned under the x-vector model but also does not reduce the accuracy of benign examples in closed-set identification.
|
|---|