Saved in:
Bibliographic Details
Main Authors: Fortier, Alexandrine, Joshi, Sonal, Thebaud, Thomas, Villalba, Jesús, Dehak, Najim, Cardinal, Patrick
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2508.08559
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912637334323200
author Fortier, Alexandrine
Joshi, Sonal
Thebaud, Thomas
Villalba, Jesús
Dehak, Najim
Cardinal, Patrick
author_facet Fortier, Alexandrine
Joshi, Sonal
Thebaud, Thomas
Villalba, Jesús
Dehak, Najim
Cardinal, Patrick
contents In this work, we propose a multi-target backdoor attack against speaker identification using position-independent clicking sounds as triggers. Unlike previous single-target approaches, our method targets up to 50 speakers simultaneously, achieving success rates of up to 95.04%. To simulate more realistic attack conditions, we vary the signal-to-noise ratio between speech and trigger, demonstrating a trade-off between stealth and effectiveness. We further extend the attack to the speaker verification task by selecting the most similar training speaker - based on cosine similarity - as a proxy target. The attack is most effective when target and enrolled speaker pairs are highly similar, reaching success rates of up to 90% in such cases.
format Preprint
id arxiv_https___arxiv_org_abs_2508_08559
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Multi-Target Backdoor Attacks Against Speaker Recognition
Fortier, Alexandrine
Joshi, Sonal
Thebaud, Thomas
Villalba, Jesús
Dehak, Najim
Cardinal, Patrick
Sound
Machine Learning
In this work, we propose a multi-target backdoor attack against speaker identification using position-independent clicking sounds as triggers. Unlike previous single-target approaches, our method targets up to 50 speakers simultaneously, achieving success rates of up to 95.04%. To simulate more realistic attack conditions, we vary the signal-to-noise ratio between speech and trigger, demonstrating a trade-off between stealth and effectiveness. We further extend the attack to the speaker verification task by selecting the most similar training speaker - based on cosine similarity - as a proxy target. The attack is most effective when target and enrolled speaker pairs are highly similar, reaching success rates of up to 90% in such cases.
title Multi-Target Backdoor Attacks Against Speaker Recognition
topic Sound
Machine Learning
url https://arxiv.org/abs/2508.08559