Backdoor Attacks against Deep Neural Networks by Personalized Audio Steganography

In the world of cyber security, backdoor attacks are widely used. These attacks work by injecting a hidden backdoor into training samples to mislead models into making incorrect judgments for achieving the effect of the attack. However, since the triggers in backdoor attacks are relatively single, defenders can easily detect backdoor triggers of different corrupted samples based on the same behavior. In addition, most current work considers image classification as the object of backdoor attacks, and there is almost no related research on speaker verification. This paper proposes a novel audio steganography-based personalized trigger backdoor attack that embeds hidden trigger techniques into deep neural networks. Specifically, the backdoor speaker verification uses a pre-trained audio steganography network that employs specific triggers for different samples to implicitly write personalized information to all corrupted samples. This personalized method can significantly improve the concealment of the attack and the success rate of the attack. In addition, only the frequency and pitch were modified and the structure of the attacked model was left unaltered, making the attack behavior stealthy. The proposed method provides a new attack direction for speaker verification. Through extensive experiments, we verified the effectiveness of the proposed method.