IDEAS home Printed from https://ideas.repec.org/a/gam/jmathe/v13y2025i6p984-d1614132.html
   My bibliography  Save this article

Towards Robust Speech Models: Mitigating Backdoor Attacks via Audio Signal Enhancement and Fine-Pruning Techniques

Author

Listed:
  • Heyan Sun

    (Faculty of Data Science, City University of Macau, Macau 999078, China)

  • Qi Zhong

    (Faculty of Data Science, City University of Macau, Macau 999078, China)

  • Minfeng Qi

    (Faculty of Data Science, City University of Macau, Macau 999078, China)

  • Uno Fang

    (Curtin Institute for Data Science, Curtin University, Bentley, WA 6102, Australia)

  • Guoyi Shi

    (Faculty of Data Science, City University of Macau, Macau 999078, China)

  • Sanshuai Cui

    (Faculty of Data Science, City University of Macau, Macau 999078, China)

Abstract

The widespread adoption of deep neural networks (DNNs) in speech recognition has introduced significant security vulnerabilities, particularly from backdoor attacks. These attacks allow adversaries to manipulate system behavior through hidden triggers while maintaining normal operation on clean inputs. To address this challenge, we propose a novel defense framework that combines speech enhancement with neural architecture optimization. Our approach consists of three key steps. First, we use a ComplexMTASS-based enhancement network to isolate and remove backdoor triggers by leveraging their unique spectral characteristics. Second, we apply an adaptive fine-pruning algorithm to selectively deactivate malicious neurons while preserving the model’s linguistic capabilities. Finally, we fine-tune the pruned model using clean data to restore and enhance recognition accuracy. Experiments on the AISHELL dataset demonstrate the effectiveness of our method against advanced steganographic attacks, such as PBSM and VSVC. The results show a significant reduction in attack success rate to below 1.5%, while maintaining 99.4% accuracy on clean inputs. This represents a notable improvement over existing defenses, particularly under varying trigger intensities and poisoning rates.

Suggested Citation

  • Heyan Sun & Qi Zhong & Minfeng Qi & Uno Fang & Guoyi Shi & Sanshuai Cui, 2025. "Towards Robust Speech Models: Mitigating Backdoor Attacks via Audio Signal Enhancement and Fine-Pruning Techniques," Mathematics, MDPI, vol. 13(6), pages 1-16, March.
    • Handle: RePEc:gam:jmathe:v:13:y:2025:i:6:p:984-:d:1614132
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2227-7390/13/6/984/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/2227-7390/13/6/984/
    Download Restriction: no
    ---><---

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jmathe:v:13:y:2025:i:6:p:984-:d:1614132. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.