期刊文献+

时空梯度迭代的声纹对抗攻击算法STI-FGSM

Space-Time Gradient Iterative Voiceprint Adversarial Attack Algorithm STI-FGSM
下载PDF
导出
摘要 为了解决当前声纹对抗攻击算法梯度信息利用不足、迁移性较差等问题,针对说话人识别模型,提出一种时空迭代快速梯度符号法(space-time iterative fast gradient sign method,STI-FGSM)的声纹对抗攻击算法。该算法基于动量迭代快速梯度符号法(momentum iterative fast gradient sign method,MI-FGSM),融合动量和时序梯度信息,使用下一步观测梯度修正扰动更新方向。引入空间梯度信息,充分学习语音样本区域信息,实现不同区域的空间梯度动量累加。结合扰动集成的方法,充分利用已知的白盒模型,实现多模型扰动叠加,进一步提高黑盒攻击成功率。实验结果表明,STI-FGSM算法针对ResNetSE34V2、TDy_ResNet34_half、x-vector、ECAPA-TDNN四种说话人识别模型,均能取得较强的白盒攻击,并实现较高的黑盒攻击成功率,其性能优于其他算法。 A space-time iterative fast gradient sign method(STI-FGSM)is proposed for the speaker recognition model in order to solve the problems of insufficient use of gradient information and poor transferability of current voiceprint adver-sarial attack algorithms.The algorithm fuses momentum and timing gradient information firstly based on the momentum iterative fast gradient sign method(MI-FGSM),and uses the next observation gradient to correct the disturbance update direction.Then,the spatial gradient information is introduced to fully learn the region information of the speech samples and realize the accumulation of spatial gradient momentum in different regions.Finally,the perturbation ensemble method is combined to fully use known white-box models to achieve multi-model perturbation ensemble and further improve the black-box attack success rate.The experimental results show that the STI-FGSM algorithm achieves a strong white-box attack and high black-box attack success rate against four speaker recognition models,ResNetSE34V2,TDy_ResNet34_half,x-vector,and ECAPA-TDNN.The performance is better than other algorithms.
作者 李烁 顾益军 谭昊 LI Shuo;GU Yijun;TAN Hao(College of Information and Cyber Security,People’s Public Security University of China,Beijing 100038,China;Cyberspace Institute of Advanced Technology,Guangzhou University,Guangzhou 510006,China)
出处 《计算机工程与应用》 CSCD 北大核心 2023年第21期151-158,共8页 Computer Engineering and Applications
基金 公安部科技强警基础工作专项项目(2020GABJC02) 中国人民公安大学基本科研业务费项目(2021JKF420)。
关键词 说话人识别 对抗攻击 梯度 扰动集成 白盒攻击 黑盒攻击 迁移性 speaker recognition adversarial attack gradient perturbation ensemble white-box attack black-box attack transferability
  • 相关文献

参考文献1

二级参考文献1

共引文献5

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部