信息安全研究第10卷第2期2024年2月JournalotlntormationSecurityResearchVol.10No.2Feb.2024DOl:10.12379/j.issn.2096-1057.2024.02.06基于分治方法的声纹识别系统模型反演张骏飞张雄伟孙蒙(中国人民解放军陆军工程大学指挥控制工程学院南京210001)(junfeizh@163.com)ModelInversionofVoiceprintRecognitionSystemBasedonDivide-and-ConquerMethodZhangJunfei,ZhangXiongwei,andSunMeng(CollegeofCommandandControlEngineering,ArmyEngineeringUniversityofPLA,Nanjing210001)AbstractModelinversion(MI)hasraisedincreasingconcernsaboutprivacy,whichcanreconstructprivatedatafromarecognitionorclassificationmodel,thusleadingtomoreseriousprivacyinformationsecurityproblems.Thispaperisthefirstattemptatanewmodelinversionapplicationforspeechinformationsecurity:extractingspectrogramfeaturesofspeakerspeechfromvoiceprintrecognitionsystems.Inordertoreducethecomplexityanderrorintheinversionprocess,thispaperadoptstheideaofdivide-and-conquermethodtoinvertlayerbylayer,andthroughtheeffectivesupervisionofcycle-consistency,theinversionsamplesconsistentwiththespeaker'sidentityissuccessfullyreconstructed;Inaddition,duetotheparticularityofspeech,themodelfeaturelayerhascontainedrichspeakerinformation,andafterfurtherweakeningthesimilarityofsemanticinformation,theimprovedmethodsignificantlyimprovestherecognitionaccuracyofinversionsamples,indicatingthattheinversionobtainedspectrogramhascontainedinformationthateffectivelyrepresentstheidentityofthespeaker.TheresearchshowsthattheMIoftherecognitionmodelisfeasibleonthespectrogramfeatures,highlightingtheriskofprivacyinformationleakageresultingfromtheextractionofthespeechfeatureinformationinthedeepnetworkmodel.Keywordssmodelinversion;neuralnetwork;voiceprintrecognition;spectrogram;informationsecurity摘要模型反演越来越引起人们对隐私的关注,它可以从模型中重构私有隐私数据,从而引发更加严重的信息安全问题.针对语音信息安全,首次尝试了一个新的模型反演应用:从声纹识别系统中提取说话人语音的语谱图特征.为了减少反演过程中的复杂度及误差,采用分治法的思想逐层反演,并通过循环一致性的有效监督,成功...
