Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Al-Ali, Hamdan, Ghavamipour, Ali Reza, Caselli, Tommaso, Turkmen, Fatih, Talat, Zeerak, Aldarmaki, Hanan
Format: Preprint
Veröffentlicht: 2025
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2510.13357
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866917015881515008
author Al-Ali, Hamdan
Ghavamipour, Ali Reza
Caselli, Tommaso
Turkmen, Fatih
Talat, Zeerak
Aldarmaki, Hanan
author_facet Al-Ali, Hamdan
Ghavamipour, Ali Reza
Caselli, Tommaso
Turkmen, Fatih
Talat, Zeerak
Aldarmaki, Hanan
contents Federated learning is a common method for privacy-preserving training of machine learning models. In this paper, we analyze the vulnerability of ASR models to attribute inference attacks in the federated setting. We test a non-parametric white-box attack method under a passive threat model on three ASR models: Wav2Vec2, HuBERT, and Whisper. The attack operates solely on weight differentials without access to raw speech from target speakers. We demonstrate attack feasibility on sensitive demographic and clinical attributes: gender, age, accent, emotion, and dysarthria. Our findings indicate that attributes that are underrepresented or absent in the pre-training data are more vulnerable to such inference attacks. In particular, information about accents can be reliably inferred from all models. Our findings expose previously undocumented vulnerabilities in federated ASR models and offer insights towards improved security.
format Preprint
id arxiv_https___arxiv_org_abs_2510_13357
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Personal Attribute Leakage in Federated Speech Models
Al-Ali, Hamdan
Ghavamipour, Ali Reza
Caselli, Tommaso
Turkmen, Fatih
Talat, Zeerak
Aldarmaki, Hanan
Computation and Language
Artificial Intelligence
Federated learning is a common method for privacy-preserving training of machine learning models. In this paper, we analyze the vulnerability of ASR models to attribute inference attacks in the federated setting. We test a non-parametric white-box attack method under a passive threat model on three ASR models: Wav2Vec2, HuBERT, and Whisper. The attack operates solely on weight differentials without access to raw speech from target speakers. We demonstrate attack feasibility on sensitive demographic and clinical attributes: gender, age, accent, emotion, and dysarthria. Our findings indicate that attributes that are underrepresented or absent in the pre-training data are more vulnerable to such inference attacks. In particular, information about accents can be reliably inferred from all models. Our findings expose previously undocumented vulnerabilities in federated ASR models and offer insights towards improved security.
title Personal Attribute Leakage in Federated Speech Models
topic Computation and Language
Artificial Intelligence
url https://arxiv.org/abs/2510.13357