@techreport{oai:ipsj.ixsq.nii.ac.jp:00241664, author = {北村, 悠 and 齋藤, 大輔 and 峯松, 信明 and Yu, Kitamura and Daisuke, Saito and Nobuaki, Minematsu}, issue = {44}, month = {Dec}, note = {近年,敵対的サンプルという攻撃手法による,話者認証モデルへの攻撃が多数報告されている.現状の敵対的サンプルは,攻撃対象となる話者認証モデルが完全に既知でなければ攻撃ができず,未知のモデルへの攻撃性能が低いという課題がある.そこで本研究では,入力音声と登録話者音声の話者埋め込みの差分に基づいて敵対的サンプルを生成する手法を提案する.この手法では,攻撃対象のモデルのうち話者埋め込み抽出器部分のみ既知であれば,敵対的サンプルを生成できる.先行研究では,攻撃対象のモデルの話者埋め込み抽出器が既知であれば,その後のスコア算出部分の構造によらず,高い成功率で攻撃ができることが確認された.本稿では,話者埋め込み抽出器が異なる話者認証モデルに対する,提案手法の攻撃性能を調査した.その結果,話者埋め込み抽出器が異なる話者認証モデルに対しては,提案手法でも攻撃が難しいことが確認された., In recent years, many attacks using adversarial example against speaker verification models have been reported. Currently, adversarial example can only be used if the attacked speaker verification model is completely known. Therefore, the attack performance on unknown models is poor. In this research, We propose a method to generate adversarial example based on the difference of speaker embeddings between input speech and enrolled speaker’s speech. This method can generate adversarial example if only the speaker embedding extractor part of the attacked model is known. In previous research, if the speaker embedding extractor of the attacked model is known, attack with proposed method can be carried out with high success rate, regardless of structure of scoring architecture. In this paper, we investigate the attack performance of the proposed method on speaker verification models with different embedding extractors. As a result, the proposed method is difficult to attack models with different speaker embedding extractor.}, title = {話者埋め込みの差異に基づく敵対的サンプルの複数の話者認証モデルへの攻撃性能の調査}, year = {2024} }