Search papers, labs, and topics across Lattice.
This paper introduces DRL-CLBA, a clean label backdoor attack for speech classification that employs Deep Deterministic Policy Gradient (DDPG) reinforcement learning to embed triggers into audio samples without altering their labels. By utilizing deep audio steganography, the attack optimizes target samples toward trigger-bearing anchor points in the model's latent space, allowing it to evade traditional defenses. Experimental results show that DRL-CLBA achieves a high attack success rate across multiple datasets and neural networks, revealing significant vulnerabilities in speech-controlled systems against various defense mechanisms.
Clean label backdoor attacks can now bypass traditional defenses in speech classification systems, exposing critical vulnerabilities that were previously thought secure.
Deep learning models for speech classification are vulnerable to backdoor attacks, where malicious triggers cause misclassification at inference time. While sample-specific attacks can bypass many defenses, they often rely on poisoned label attack, making them detectable via manual data defense. In this paper, we propose DRL-CLBA, a novel clean label backdoor attack for speech classification that leverages Deep Deterministic Policy Gradient (DDPG) reinforcement learning. We also utilize deep audio steganography to embed sample-specific triggers into source audio, creating feature-space anchors. The proposed reinforcement learning framework effectively optimizes target samples toward trigger-bearing anchor points in the model's deep latent space, enabling label-migration-free poisoning of target samples. Experimental results across three datasets and four different DNNs demonstrate that DRL-CLBA achieves a high attack success rate, effectively bypassing some backdoor defenses. The attack demonstrates strong resistance against fine-tuning, pruning, and spectral signature defenses, exposing critical vulnerabilities in speech-controlled systems.