数据采集与处理2026,Vol.41Issue(1):109-116,8.DOI:10.16337/j.1004-9037.2026.01.007
面向Transformer语音识别模型的高迁移通用对抗样本生成方法
Universal Adversarial Example Generation Method with High Transferability for Transformer-Based Speech Recognition Models
王振 1韩纪庆 1何勇军 1郑铁然 1郑贵滨1
作者信息
- 1. 哈尔滨工业大学计算机科学与技术学院,哈尔滨 150001
- 折叠
摘要
Abstract
In recent years,the emergence of the Transformer model has significantly enhanced the accuracy of automatic speech recognition technology.This research aims to address the critical security vulnerabilities in Transformer-based automatic speech recognition systems by enhancing the transferability of universal speech adversarial examples.While Transformer models have significantly advanced speech processing,their susceptibility to universal adversarial perturbations remains a major concern.To exploit these weaknesses effectively,we propose a novel attack framework that leverages the structural commonalities of Transformer architectures.First,we implement a feature-level disruption strategy that maximizes the dissimilarity between perturbed and original speech within the middle-layer representations.By altering these latent representation patterns,the attack successfully shifts the internal decision boundaries of models.Second,given that sample-dependent semantic information often inhibits the generalization of universal noise,we introduce an attention gradient control mechanism.This mechanism strategically weakens the gradients associated with semantic context features,forcing the perturbation to capture underlying,sample-independent acoustic vulnerabilities instead.Finally,experimental evaluations conducted on LibriSpeech demonstrate the superior performance of the proposed method.The results indicate that our approach achieves an average word error rate of 80.6%across multiple target models,representing a 36.6%improvement in transferability compared to existing baseline universal attacks.These findings conclude that the targeted manipulation of middle-layer features combined with the suppression of semantic dependencies is a highly effective strategy for cross-model adversarial threats.关键词
语音识别/对抗样本/黑盒攻击/注意力机制Key words
speech recognition/adversarial examples/black-box attack/attention mechanism分类
信息技术与安全科学引用本文复制引用
王振,韩纪庆,何勇军,郑铁然,郑贵滨..面向Transformer语音识别模型的高迁移通用对抗样本生成方法[J].数据采集与处理,2026,41(1):109-116,8.
