Gespeichert in:
| Hauptverfasser: | , , , , , |
|---|---|
| Format: | Preprint |
| Veröffentlicht: |
2025
|
| Schlagworte: | |
| Online-Zugang: | https://arxiv.org/abs/2510.13357 |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| _version_ | 1866917015881515008 |
|---|---|
| author | Al-Ali, Hamdan Ghavamipour, Ali Reza Caselli, Tommaso Turkmen, Fatih Talat, Zeerak Aldarmaki, Hanan |
| author_facet | Al-Ali, Hamdan Ghavamipour, Ali Reza Caselli, Tommaso Turkmen, Fatih Talat, Zeerak Aldarmaki, Hanan |
| contents | Federated learning is a common method for privacy-preserving training of machine learning models. In this paper, we analyze the vulnerability of ASR models to attribute inference attacks in the federated setting. We test a non-parametric white-box attack method under a passive threat model on three ASR models: Wav2Vec2, HuBERT, and Whisper. The attack operates solely on weight differentials without access to raw speech from target speakers. We demonstrate attack feasibility on sensitive demographic and clinical attributes: gender, age, accent, emotion, and dysarthria. Our findings indicate that attributes that are underrepresented or absent in the pre-training data are more vulnerable to such inference attacks. In particular, information about accents can be reliably inferred from all models. Our findings expose previously undocumented vulnerabilities in federated ASR models and offer insights towards improved security. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2510_13357 |
| institution | arXiv |
| publishDate | 2025 |
| record_format | arxiv |
| spellingShingle | Personal Attribute Leakage in Federated Speech Models Al-Ali, Hamdan Ghavamipour, Ali Reza Caselli, Tommaso Turkmen, Fatih Talat, Zeerak Aldarmaki, Hanan Computation and Language Artificial Intelligence Federated learning is a common method for privacy-preserving training of machine learning models. In this paper, we analyze the vulnerability of ASR models to attribute inference attacks in the federated setting. We test a non-parametric white-box attack method under a passive threat model on three ASR models: Wav2Vec2, HuBERT, and Whisper. The attack operates solely on weight differentials without access to raw speech from target speakers. We demonstrate attack feasibility on sensitive demographic and clinical attributes: gender, age, accent, emotion, and dysarthria. Our findings indicate that attributes that are underrepresented or absent in the pre-training data are more vulnerable to such inference attacks. In particular, information about accents can be reliably inferred from all models. Our findings expose previously undocumented vulnerabilities in federated ASR models and offer insights towards improved security. |
| title | Personal Attribute Leakage in Federated Speech Models |
| topic | Computation and Language Artificial Intelligence |
| url | https://arxiv.org/abs/2510.13357 |