CN110992951A - Method for protecting personal privacy based on countermeasure sample - Google Patents

Method for protecting personal privacy based on countermeasure sample Download PDF

Info

Publication number
CN110992951A
CN110992951A CN201911228334.3A CN201911228334A CN110992951A CN 110992951 A CN110992951 A CN 110992951A CN 201911228334 A CN201911228334 A CN 201911228334A CN 110992951 A CN110992951 A CN 110992951A
Authority
CN
China
Prior art keywords
interference
voice
optimization function
voice recognition
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911228334.3A
Other languages
Chinese (zh)
Other versions
CN110992951B (en
Inventor
付强
郭九麟
彭凝多
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Hongwei Technology Co Ltd
Original Assignee
Sichuan Hongwei Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Hongwei Technology Co Ltd filed Critical Sichuan Hongwei Technology Co Ltd
Priority to CN201911228334.3A priority Critical patent/CN110992951B/en
Publication of CN110992951A publication Critical patent/CN110992951A/en
Application granted granted Critical
Publication of CN110992951B publication Critical patent/CN110992951B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G10MUSICAL INSTRUMENTS; ACOUSTICS
    • G10LSPEECH ANALYSIS OR SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING; SPEECH OR AUDIO CODING OR DECODING
    • G10L15/00Speech recognition
    • G10L15/22Procedures used during a speech recognition process, e.g. man-machine dialogue
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/004Artificial life, i.e. computing arrangements simulating life
    • G06N3/006Artificial life, i.e. computing arrangements simulating life based on simulated virtual individual or collective life forms, e.g. social simulations or particle swarm optimisation [PSO]
    • GPHYSICS
    • G10MUSICAL INSTRUMENTS; ACOUSTICS
    • G10LSPEECH ANALYSIS OR SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING; SPEECH OR AUDIO CODING OR DECODING
    • G10L15/00Speech recognition
    • G10L15/26Speech to text systems
    • GPHYSICS
    • G10MUSICAL INSTRUMENTS; ACOUSTICS
    • G10LSPEECH ANALYSIS OR SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING; SPEECH OR AUDIO CODING OR DECODING
    • G10L15/00Speech recognition
    • G10L15/22Procedures used during a speech recognition process, e.g. man-machine dialogue
    • G10L2015/223Execution procedure of a spoken command

Abstract

The invention discloses a method for protecting personal privacy based on a confrontation sample, intelligent equipment comprises a microphone, a loudspeaker, a voice recognition module and an interference generation module, and the method comprises the following steps: the user starts an interference generating module, and the interference generating module generates an interference signal and plays the interference signal through a loudspeaker; the microphone collects voice signals and sends the voice signals to the voice recognition module for recognition, and the voice signals comprise user voices and interference signals; the interference generating module is turned off when a voice assistant is needed to use the smart device normally. The method determines the voice space needing interference based on the basic pronunciation, greatly reduces the space and reduces the time for generating the confrontation sample compared with the space of the speaking content; from the acoustic perspective, the voice signal outside the human hearing range is used as a search space, and the search is not perceived by the user; and finding out the universal interference m by adopting a particle swarm optimization algorithm in a search space to obtain a countermeasure sample and protect the privacy of a user.

Description

Method for protecting personal privacy based on countermeasure sample
Technical Field
The invention relates to the technical field of information security, in particular to a method for protecting personal privacy based on a confrontation sample.
Background
With the increasing maturity of artificial intelligence theory and technology, the application field is continuously expanded, and the life style of people is greatly improved and facilitated. The voice recognition is one of the enabling directions of the artificial intelligence technology, and the accuracy of the voice recognition is also continuously improved. The characteristics of the voice interaction mode enable the voice interaction mode to have great potential in the environment of the Internet of things. For example, aiming at the task of setting an alarm clock for a smart phone in daily life, a voice instruction of a few seconds is needed to complete. In the process, the hands are released, low-cost devices such as a microphone, a processor and a loudspeaker of the smart phone are used, and the task is completed through simple voice instructions. From this we can see that voice interaction has the advantages of simplicity, rapidity, low equipment cost, context comprehension, etc. Based on the advantages, the voice interaction also has absolute advantages in a plurality of scenes such as families, vehicles, hiking and the like. While the artificial intelligence technology brings convenience and convenience to people, problems are also associated, for example, when a user does not turn on a voice function of the intelligent device, a voice assistant and the like of the intelligent device always waits for a wake-up word of the user to activate the voice function, namely, the voice assistant and the like listen to the voice content of the user and do not recognize the voice content of the user in a voice recognition system, and the recognized content is used for recommendation of other applications, which is obviously not desired by the user and infringes the privacy of the user.
Disclosure of Invention
The invention aims to provide a method for protecting personal privacy based on an antagonistic sample, which is used for solving the problem that the intelligent equipment identifies the chat content of a user to damage the privacy of the user in the prior art.
The invention protects the voice content of the user from being correctly identified by the intelligent equipment through the following technical scheme:
a method of protecting personal privacy based on an antagonistic sample, comprising a smart device comprising a microphone, a speaker, a voice recognition module, the smart device further comprising an interference generation module, the method comprising:
step S1: the user starts an interference generating module, and the interference generating module generates an interference signal and plays the interference signal through a loudspeaker;
step S2: a microphone collects voice signals, wherein the voice signals comprise user voices and interference signals and are sent to a voice recognition module for recognition, and the voice recognition module cannot recognize original contents of the user voices;
step S3: and when the voice assistant of the intelligent equipment needs to be used normally, the interference generation module is closed so as to achieve the purpose of normal use.
The method is characterized in that small interference (interference signals) which cannot be perceived by some people are intentionally added to an input sample (user voice), so that a voice recognition module of the intelligent equipment gives an erroneous output with high confidence level, namely, an antagonistic sample is introduced into the voice recognition field, and different purposes can be achieved by making different limits on the interference signals.
Further, the method for generating the interference signal by the interference generation module is as follows:
step A: the interference generation module acquires the calling right of the voice recognition module;
and B: determining a voice space needing to be interfered, and recording the voice space as X;
and C: recording voice signals outside the audible range of a person as a search space S according to the acoustic angle;
step D: searching general interference m by adopting a particle swarm optimization algorithm, so that m meets the following requirements: when the universal interference m and any element in the voice space X are played together, the voice recognition module can make a mistake, and the universal interference m is an interference signal.
Further, the particle swarm optimization algorithm in the step D includes:
step D1: initializing optimal values of an optimal particle sequence and an optimization function, wherein the optimization function is defined according to the alignment error of a voice recognition result obtained after all members in a voice space X are added with a universal interference m;
step D2: randomly generating 99 random particle sequences, and adding the optimal particle sequences to obtain 100 particles in total;
step D3: calculating an optimization function value of each of the 99 random particle sequences and the optimal particle sequence, comparing the minimum optimization function value with the optimal value of the optimization function, if the minimum optimization function value is smaller than the optimal value of the optimization function, setting the particle sequence corresponding to the minimum optimization function value as the optimal particle sequence, and setting the minimum optimization function value as the optimal value of the optimization function;
step D4: judging whether the optimal value of the optimization function is smaller than a preset value or not, if so, determining the optimal particle sequence as the universal interference m, and ending; otherwise, the positions and velocities of the 99 random particle sequences are updated, and the procedure returns to step D3.
Further, the method for acquiring the call right of the speech recognition module by the interference generation module in the step a includes: and accessing through a developer account of a voice recognition module manufacturer, or directly using a voice recognition module of the intelligent equipment, and acquiring a voice recognition interface in a reverse mode.
Compared with the prior art, the invention has the following advantages and beneficial effects:
the method determines the voice space needing interference based on the basic pronunciation, greatly reduces the space and reduces the time for generating the confrontation sample compared with the space of the speaking content; from the acoustic perspective, the voice signal outside the human hearing range is used as a search space, and the search is not perceived by the user; the particle swarm optimization algorithm is adopted in the search space, the interference m is found, one interference is aimed at the elements of the pronunciation space, the elements of the pronunciation spaces can make mistakes and are universal interference, a countermeasure sample is obtained, and the privacy of a user is protected.
Drawings
FIG. 1 is a functional block diagram of the present invention;
fig. 2 is a threshold curve of the present invention.
Detailed Description
The present invention will be described in further detail with reference to examples, but the embodiments of the present invention are not limited thereto.
Example 1:
with reference to fig. 1, a method for protecting personal privacy based on a confrontation sample includes a smart device, the smart device includes a microphone, a speaker, and a voice recognition module, the smart device further includes an interference generation module, and the method includes:
step S1: the user starts an interference generating module, and the interference generating module generates an interference signal and plays the interference signal through a loudspeaker;
step S2: a microphone collects voice signals, wherein the voice signals comprise user voices and interference signals and are sent to a voice recognition module for recognition, and the voice recognition module cannot recognize original contents of the user voices;
step S3: the interference generating module is turned off when a voice assistant is needed to use the smart device normally.
The method is characterized in that small interference (interference signals) which cannot be perceived by some people are intentionally added to an input sample (user voice), so that a voice recognition module of the intelligent equipment gives an erroneous output with high confidence level, namely, an antagonistic sample is introduced into the voice recognition field, and different purposes can be achieved by making different limits on the interference signals.
Further, the method for generating the interference signal by the interference generation module is as follows:
step A: the interference generation module acquires the calling right of the voice recognition module; the access can be realized through a developer account of a voice recognition module manufacturer, and the developer account is registered only by cloud service provision;
or the voice recognition module of the intelligent equipment is directly used, only equipment merchants need to be called normally, and a voice recognition interface (a third party) can be obtained in a reverse mode;
and B: determining a voice space needing to be interfered, and recording the voice space as X; the space of the basic pronunciation is much smaller than the space of the human speech content, such as: the combination of initial consonants and final consonants in Chinese removes the total 400 multi-syllables which can not pronounce, therefore, collect these 400 multi-syllables and obtain the speech space needing to interfere and note as X;
and C: recording voice signals outside the audible range of a person as a search space S according to the acoustic angle; the search is not perceived by the user, and it needs to be considered from the acoustic point of view, and the human ear hearing can not sense the sound of all frequencies and all sound intensities, but only sense the sound of a certain sound pressure and frequency range. The frequency range of normal human audible sound pressure is 20 Hz-20 kHz. Generally, young people can hear 20kHz sounds, while old people can hear high frequency sounds reduced to 10 kHz. Furthermore, the audible sound intensity range of normal people is 0-120 dB SPL (sound pressure level). The pure tone threshold is also called absolute threshold and silent threshold, which reflects the minimum sound pressure level that the human ear can just hear the sound in a quiet environment without any other sound interference, and the unit of the sound pressure level is dB, and the sound pressure level is related to the frequency. The threshold of hearing refers to the lowest sound pressure level that can be heard. There is a corresponding relationship between absolute hearing threshold and frequency. As shown in fig. 2, which is the "absolute hearing threshold" curve obtained according to the formula. Below the threshold curve is our search space.
Step D: searching general interference m by adopting a particle swarm optimization algorithm, so that m meets the following requirements: when the universal interference m and any element in the voice space X are played together, the voice recognition module can make a mistake, and the universal interference m is an interference signal.
Defining an optimization function in the particle swarm optimization algorithm according to the errors of the voice recognition results after all members in the voice space X are added with the universal interference m; for example: the recognition is correct to 1 (recognition structure is consistent with the collection), and the error is 0 (recognition result is inconsistent with the collection). The optimized search space is S in step C, and by defining an optimization function, we can know that each member in the speech space X can be correctly identified after m is added, and the final value of the optimization function is the total number of pronunciations, namely the number of members in X; if m is added, errors are identified, when the final value of the optimization function is 0. When m is obtained, most of m can be made wrong, namely the minimum value of the optimization function value reaches a preset value;
the solving step comprises the following steps:
step D1: initializing optimal values of the optimal particle sequence and the optimization function;
step D2: randomly generating 99 random particle sequences, and adding the optimal particle sequences to obtain 100 particles in total;
step D3: calculating an optimization function value of each of the 99 random particle sequences and the optimal particle sequence, comparing the minimum optimization function value with the optimal value of the optimization function, if the minimum optimization function value is smaller than the optimal value of the optimization function, setting the particle sequence corresponding to the minimum optimization function value as the optimal particle sequence, and setting the minimum optimization function value as the optimal value of the optimization function;
step D4: judging whether the optimal value of the optimization function is smaller than a preset value or not, if so, determining the optimal particle sequence as the universal interference m, and ending; otherwise, the positions and velocities of the 99 random particle sequences are updated, and the procedure returns to step D3.
Through the steps, a universal interference m is found, namely the result to be found by the user.
The interference generation module obtains the calling right of the voice recognition module and is used for verifying and determining whether the added interference achieves the purpose of making voice error.
Although the present invention has been described herein with reference to the illustrated embodiments thereof, which are intended to be preferred embodiments of the present invention, it is to be understood that the invention is not limited thereto, and that numerous other modifications and embodiments can be devised by those skilled in the art that will fall within the spirit and scope of the principles of this disclosure.

Claims (4)

1. A method for protecting personal privacy based on confrontation samples, comprising a smart device, the smart device comprising a microphone, a speaker, a voice recognition module, wherein the smart device further comprises an interference generation module, the method comprising:
step S1: the user starts an interference generating module, and the interference generating module generates an interference signal and plays the interference signal through a loudspeaker;
step S2: a microphone collects voice signals and sends the voice signals to a voice recognition module for recognition, wherein the voice signals comprise user voice and interference signals;
step S3: the interference generating module is turned off when a voice assistant is needed to use the smart device normally.
2. The method of claim 1, wherein the method for generating the interference signal by the interference generation module comprises:
step A: the interference generation module acquires the calling right of the voice recognition module;
and B: determining a voice space needing to be interfered, and recording the voice space as X;
and C: recording voice signals outside the audible range of a person as a search space S according to the acoustic angle;
step D: searching general interference m by adopting a particle swarm optimization algorithm, so that m meets the following requirements: when the universal interference m and any element in the voice space X are played together, the voice recognition module can make a mistake, and the universal interference m is an interference signal.
3. The method according to claim 2, wherein the particle swarm optimization algorithm in step D comprises:
step D1: initializing optimal values of an optimal particle sequence and an optimization function, wherein the optimization function is defined according to the alignment error of a voice recognition result obtained after all members in a voice space X are added with a universal interference m;
step D2: randomly generating 99 random particle sequences, and adding the optimal particle sequences to obtain 100 particles in total;
step D3: calculating an optimization function value of each of the 99 random particle sequences and the optimal particle sequence, comparing the minimum optimization function value with the optimal value of the optimization function, if the minimum optimization function value is smaller than the optimal value of the optimization function, setting the particle sequence corresponding to the minimum optimization function value as the optimal particle sequence, and setting the minimum optimization function value as the optimal value of the optimization function;
step D4: judging whether the optimal value of the optimization function is smaller than a preset value or not, if so, determining the optimal particle sequence as the universal interference m, and ending; otherwise, the positions and velocities of the 99 random particle sequences are updated, and the procedure returns to step D3.
4. The method for protecting personal privacy based on the countermeasure sample according to claim 2 or 3, wherein the method for the interference generation module to obtain the call right of the voice recognition module in step A comprises: and accessing through a developer account of a voice recognition module manufacturer, or directly using a voice recognition module of the intelligent equipment, and acquiring a voice recognition interface in a reverse mode.
CN201911228334.3A 2019-12-04 2019-12-04 Method for protecting personal privacy based on countermeasure sample Active CN110992951B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911228334.3A CN110992951B (en) 2019-12-04 2019-12-04 Method for protecting personal privacy based on countermeasure sample

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911228334.3A CN110992951B (en) 2019-12-04 2019-12-04 Method for protecting personal privacy based on countermeasure sample

Publications (2)

Publication Number Publication Date
CN110992951A true CN110992951A (en) 2020-04-10
CN110992951B CN110992951B (en) 2022-07-26

Family

ID=70089915

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911228334.3A Active CN110992951B (en) 2019-12-04 2019-12-04 Method for protecting personal privacy based on countermeasure sample

Country Status (1)

Country Link
CN (1) CN110992951B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113129875A (en) * 2021-03-12 2021-07-16 嘉兴职业技术学院 Voice data privacy protection method based on countermeasure sample

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040125922A1 (en) * 2002-09-12 2004-07-01 Specht Jeffrey L. Communications device with sound masking system
CN102543066A (en) * 2011-11-18 2012-07-04 中国科学院声学研究所 Target voice privacy protection method and system
CN108831471A (en) * 2018-09-03 2018-11-16 与德科技有限公司 A kind of voice method for security protection, device and route terminal
CN109036389A (en) * 2018-08-28 2018-12-18 出门问问信息科技有限公司 The generation method and device of a kind of pair of resisting sample
CN109887496A (en) * 2019-01-22 2019-06-14 浙江大学 Orientation confrontation audio generation method and system under a kind of black box scene
CN109902705A (en) * 2018-10-30 2019-06-18 华为技术有限公司 A kind of object detection model to disturbance rejection generation method and device
US20190212976A1 (en) * 2017-05-03 2019-07-11 The Reverie Group, Llc Enhanced control and security of a voice controlled device
CN110048797A (en) * 2019-04-10 2019-07-23 中国科学院声学研究所 A kind of acoustics protective device of prevention audio-frequency information leakage
US20190333493A1 (en) * 2018-04-26 2019-10-31 Ronald J. Zenk Privacy sleeve for smart speakers

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040125922A1 (en) * 2002-09-12 2004-07-01 Specht Jeffrey L. Communications device with sound masking system
CN102543066A (en) * 2011-11-18 2012-07-04 中国科学院声学研究所 Target voice privacy protection method and system
US20190212976A1 (en) * 2017-05-03 2019-07-11 The Reverie Group, Llc Enhanced control and security of a voice controlled device
US20190333493A1 (en) * 2018-04-26 2019-10-31 Ronald J. Zenk Privacy sleeve for smart speakers
CN109036389A (en) * 2018-08-28 2018-12-18 出门问问信息科技有限公司 The generation method and device of a kind of pair of resisting sample
CN108831471A (en) * 2018-09-03 2018-11-16 与德科技有限公司 A kind of voice method for security protection, device and route terminal
CN109902705A (en) * 2018-10-30 2019-06-18 华为技术有限公司 A kind of object detection model to disturbance rejection generation method and device
CN109887496A (en) * 2019-01-22 2019-06-14 浙江大学 Orientation confrontation audio generation method and system under a kind of black box scene
CN110048797A (en) * 2019-04-10 2019-07-23 中国科学院声学研究所 A kind of acoustics protective device of prevention audio-frequency information leakage

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈宇飞 等: "人工智能系统安全与隐私风险", 《计算机研究与发展》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113129875A (en) * 2021-03-12 2021-07-16 嘉兴职业技术学院 Voice data privacy protection method based on countermeasure sample

Also Published As

Publication number Publication date
CN110992951B (en) 2022-07-26

Similar Documents

Publication Publication Date Title
US11823679B2 (en) Method and system of audio false keyphrase rejection using speaker recognition
US10631087B2 (en) Method and device for voice operated control
US20220295194A1 (en) Interactive system for hearing devices
Principi et al. An integrated system for voice command recognition and emergency detection based on audio signals
US10825353B2 (en) Device for enhancement of language processing in autism spectrum disorders through modifying the auditory stream including an acoustic stimulus to reduce an acoustic detail characteristic while preserving a lexicality of the acoustics stimulus
US11521598B2 (en) Systems and methods for classifying sounds
CN112352441B (en) Enhanced environmental awareness system
US20190138603A1 (en) Coordinating Translation Request Metadata between Devices
US20220122605A1 (en) Method and device for voice operated control
JP6662962B2 (en) Speaker verification method and speech recognition system
CN108476072A (en) Crowdsourcing database for voice recognition
CN111491236A (en) Active noise reduction earphone, awakening method and device thereof and readable storage medium
WO2019228329A1 (en) Personal hearing device, external sound processing device, and related computer program product
CN110992951B (en) Method for protecting personal privacy based on countermeasure sample
US10950253B2 (en) Vocal feedback device and method of use
WO2008075305A1 (en) Method and apparatus to address source of lombard speech
Vovos et al. Speech operated smart-home control system for users with special needs.
TWI831785B (en) Personal hearing device
TWI824424B (en) Hearing aid calibration device for semantic evaluation and method thereof
US20210064329A1 (en) System for Voice-Based Alerting of Person Wearing an Obstructive Listening Device
JP6918471B2 (en) Dialogue assist system control method, dialogue assist system, and program
JP2008286921A (en) Keyword extraction device, keyword extraction method, and program and recording medium therefor
US20230290356A1 (en) Hearing aid for cognitive help using speaker recognition
JP6662116B2 (en) Information processing apparatus, and voice sharing method and program
JP5052107B2 (en) Voice reproduction device and voice reproduction method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant