当前位置:
X-MOL 学术
›
Future Gener. Comput. Syst.
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Web 3.0 security: Backdoor attacks in federated learning-based automatic speaker verification systems in the 6G era
Future Generation Computer Systems ( IF 6.2 ) Pub Date : 2024-06-13 , DOI: 10.1016/j.future.2024.06.022 Yi Wu , Jiayi Chen , Tianbao Lei , Jiahua Yu , M. Shamim Hossain
Future Generation Computer Systems ( IF 6.2 ) Pub Date : 2024-06-13 , DOI: 10.1016/j.future.2024.06.022 Yi Wu , Jiayi Chen , Tianbao Lei , Jiahua Yu , M. Shamim Hossain
With the advent of Next-Generation Web 3.0 and the integration of 6G technologies, digital industrial applications are undergoing unprecedented transformations. Among these, the field of intelligent voice recognition, particularly Federated Learning-based Automatic Speaker Verification (FL-ASV) systems, stands out by collaboratively training robust ASV models across systems while protecting sensitive voiceprint data. However, the aspect of security within such systems is still largely unexplored and presents potential vulnerabilities. To bridge this gap, we design a voiceprint-driven backdoor attack for FL-ASV, termed FedCTS. Concretely, we employ contrastive learning techniques to significantly improve the feature extraction process for individual speakers. This enhancement not only maintains the inherent performance of FL-ASV systems but also introduces a level of complexity that can mislead even the most skilled defenders. Furthermore, we intricately obfuscate the triggers by subtly embedding voice and backdoor clips within the utterances. This is achieved by dividing the utterances into chronological segments through a meticulously devised time-series injection strategy, thereby ensuring the triggers remain undetectable. Additionally, we have conceptualized a unique defense mechanism tailored to counter such attacks. This defense mechanism operates by scrutinizing the speaker’s frequencies and filtering out any suspicious frequencies that fall outside the normal range of human voice, helping to mitigate the risk of backdoor attacks without compromising the system’s functionality. In the context of the fast-evolving digitalized industrial landscape, our attack strategy, FedCTS, has demonstrated a significant improvement in effectiveness. It achieves an average increase of in the attack success rate when compared to existing state-of-the-art methods.
中文翻译:
Web 3.0安全:6G时代基于联邦学习的自动说话人验证系统的后门攻击
随着下一代Web 3.0的到来和6G技术的融合,数字化工业应用正在经历前所未有的变革。其中,智能语音识别领域,特别是基于联邦学习的自动说话人验证(FL-ASV)系统,通过跨系统协作训练强大的 ASV 模型,同时保护敏感的声纹数据而脱颖而出。然而,此类系统内的安全性在很大程度上仍未得到探索,并且存在潜在的漏洞。为了弥补这一差距,我们为 FL-ASV 设计了一种声纹驱动的后门攻击,称为 FedCTS。具体来说,我们采用对比学习技术来显着改进单个说话者的特征提取过程。这种增强不仅保持了 FL-ASV 系统的固有性能,而且还引入了一定程度的复杂性,甚至可能会误导最熟练的防御者。此外,我们通过在话语中巧妙地嵌入语音和后门剪辑来复杂地混淆触发器。这是通过精心设计的时间序列注入策略将话语分成按时间顺序排列的片段来实现的,从而确保触发器无法被检测到。此外,我们还设计了一种独特的防御机制来应对此类攻击。这种防御机制的工作原理是仔细检查说话者的频率并过滤掉任何超出人类语音正常范围的可疑频率,从而有助于在不影响系统功能的情况下降低后门攻击的风险。在快速发展的数字化工业格局的背景下,我们的攻击策略FedCTS显示出有效性的显着提高。 与现有最先进的方法相比,它的攻击成功率平均提高了。
更新日期:2024-06-13
中文翻译:
Web 3.0安全:6G时代基于联邦学习的自动说话人验证系统的后门攻击
随着下一代Web 3.0的到来和6G技术的融合,数字化工业应用正在经历前所未有的变革。其中,智能语音识别领域,特别是基于联邦学习的自动说话人验证(FL-ASV)系统,通过跨系统协作训练强大的 ASV 模型,同时保护敏感的声纹数据而脱颖而出。然而,此类系统内的安全性在很大程度上仍未得到探索,并且存在潜在的漏洞。为了弥补这一差距,我们为 FL-ASV 设计了一种声纹驱动的后门攻击,称为 FedCTS。具体来说,我们采用对比学习技术来显着改进单个说话者的特征提取过程。这种增强不仅保持了 FL-ASV 系统的固有性能,而且还引入了一定程度的复杂性,甚至可能会误导最熟练的防御者。此外,我们通过在话语中巧妙地嵌入语音和后门剪辑来复杂地混淆触发器。这是通过精心设计的时间序列注入策略将话语分成按时间顺序排列的片段来实现的,从而确保触发器无法被检测到。此外,我们还设计了一种独特的防御机制来应对此类攻击。这种防御机制的工作原理是仔细检查说话者的频率并过滤掉任何超出人类语音正常范围的可疑频率,从而有助于在不影响系统功能的情况下降低后门攻击的风险。在快速发展的数字化工业格局的背景下,我们的攻击策略FedCTS显示出有效性的显着提高。 与现有最先进的方法相比,它的攻击成功率平均提高了。
京公网安备 11010802027423号