No-Label User-Level Membership Inference for ASR Model Auditing

Miao, Yuantian, Chen, Chao, Pan, Lei, Liu, Shigang, Camtepe, Seyit, Zhang, Jun, and Xiang, Yang (2022) No-Label User-Level Membership Inference for ASR Model Auditing. In: Lecture Notes in Computer Science (13555) pp. 610-628. From: ESORICS 2022: 27th European Symposium on Research in Computer Security, 26-30 September 2022, Copenhagen, Denmark.

[img] PDF (Published Version) - Published Version
Restricted to Repository staff only

View at Publisher Website:


With the advancement of speech recognition techniques, AI-powered voice assistants become ubiquitous. However, it also increases privacy concerns regarding users’ voice recordings. User-level membership inference detects whether a service provider misused users’ audio to build its Automatic Speech Recognition (ASR) model without users’ consent. Previous research assumes the model’s outputs, including its label (i.e., transcription) and confidence score, are available for security auditing. However, the model’s outputs are unavailable in many real-world cases, i.e., no-label black-box scenarios, which is a big challenge. We propose a substitute model analysis to transfer the knowledge of the service system to that of its built-in ASR model’s behavior with semantic analysis techniques. Based on this analysis, our auditor can determine the user-level membership with high accuracy (∼ 80%) by utilizing a shadow system technique and a gap inference method. The gap inference-based auditor is generic and independent of ASR models.

Item ID: 77686
Item Type: Conference Item (Research - E1)
ISBN: 9783031171451
Keywords: Automated speech recognition, IoT privacy, Membership inference attack
Copyright Information: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2022. V. Atluri et al. (Eds.): ESORICS 2022, LNCS 13555, pp. 610–628, 2022.
Date Deposited: 28 Feb 2023 23:53
FoR Codes: 40 ENGINEERING > 4006 Communications engineering > 400602 Data communications @ 50%
46 INFORMATION AND COMPUTING SCIENCES > 4604 Cybersecurity and privacy > 460402 Data and information privacy @ 50%
Downloads: Total: 1
More Statistics

Actions (Repository Staff Only)

Item Control Page Item Control Page