SEC4SR

a SECurity evaluation platform FOR Speaker Recognition

View on GitHub

About

This is the official webpage for paper Defending against Audio Adversarial Examples on Speaker Recognition Systems.

In this paper, we systematically investigate transformation and adversarial training based defenses for speaker recognition systems (SRSs) and thoroughly evaluate their effectiveness using both non-adaptive and adaptive attacks under the same settings.

In summary, we make the following main contributions:

Empirical Study Result

Transformation against Non-adaptive Attacks


Transformation against Adaptive Attacks


Transformation+Adversarial-Training against Adaptive Attacks


Additional Results (not appear in the paper)

Appendix C. Tuning the Parameters of Transformations







Audio Files

We provides our audio files for percetibility measurement and other purposes.

For adversarial audios, after unzip, the directory A-B/X/X-Y/Z means the audios are crafted by the attack X with the attack paramter Y against the defense A with the defense parameter B on the speaker Z. For example, FeCo-ok-kmeans-raw-0_2-L2/FGSM/FGSM-0_002-50/1998 means the audios are crafted by FGSM attack with $\varepsilon=0.002$ and EOT_size $r=50$ against the defense FeCo with the defense parameter $cl_m=kmeans$ and $cl_r=0.2$ on the speaker 1998.

Platform: SEC4SR

To perform the above empirical study, we establish a SECurity evaluation platform FOR Speaker Recognition (SEC4SR).

Want to re-produce our experimental results, do something new with our platform, or even extend SEC4SR? Go to Code for SEC4SR for detailed instructions.