Adversarial Examples Protect Your Privacy on Speech Enhancement System  

作　　者：Mingyu Dong Diqun Yan Rangding Wang 

机构地区：[1]Department of Information Science and Engineering,Ningbo University,Zhejiang,315000,China

出　　处：《Computer Systems Science & Engineering》2023年第7期1-12,共12页计算机系统科学与工程（英文）

基　　金：This work was supported by the National Natural Science Foundation of China(Grant No.61300055);Zhejiang Natural Science Foundation(Grant No.LY20F020010);Ningbo Science and Technology Innovation Project(Grant No.2022Z075);Ningbo Natural Science Foundation(Grant No.202003N4089);K.C.Wong Magna Fund in Ningbo University.

摘　　要：Speech is easily leaked imperceptibly.When people use their phones,the personal voice assistant is constantly listening and waiting to be activated.Private content in speech may be maliciously extracted through automatic speech recognition(ASR)technology by some applications on phone devices.To guarantee that the recognized speech content is accurate,speech enhancement technology is used to denoise the input speech.Speech enhancement technology has developed rapidly along with deep neural networks(DNNs),but adversarial examples can cause DNNs to fail.Considering that the vulnerability of DNN can be used to protect the privacy in speech.In this work,we propose an adversarial method to degrade speech enhancement systems,which can prevent the malicious extraction of private information in speech.Experimental results show that the generated enhanced adversarial examples can be removed most content of the target speech or replaced with target speech content by speech enhancement.The word error rate(WER)between the enhanced original example and enhanced adversarial example recognition result can reach 89.0%.WER of target attack between enhanced adversarial example and target example is low at 33.75%.The adversarial perturbation in the adversarial example can bring much more change than itself.The rate of difference between two enhanced examples and adversarial perturbation can reach more than 1.4430.Meanwhile,the transferability between different speech enhancement models is also investigated.The low transferability of the method can be used to ensure the content in the adversarial example is not damaged,the useful information can be extracted by the friendly ASR.This work can prevent the malicious extraction of speech.

关 键 词：Adversarial example speech enhancement privacy protection deep neural network 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]