[1] JUNG J W,HEO H S,YANG I H,et al.A complete end-to-end speaker verification system using deep neural networks:from raw signals to verification result[C]//Proceedings of IEEE International Conference on Acoustics,Speech and Signal Processing.Washington D.C.,USA:IEEE Press,2018:5349-5353. [2] ZHANG C L,KOISHIDA K.End-to-end text-independent speaker verification with triplet loss on short utterances[EB/OL].[2020-04-05].http://m.isca-speech.org/archive/Interspeech_2017/pdfs/1608.PDF. [3] KINNUNEN T,LI H Z.An overview of text-independent speaker recognition:from features to supervectors[J].Speech Communication,2010,52(1):12-40. [4] VILLALBA J,CHEN N X,SNYDER D,et al.State-of-the-art speaker recognition with neural network embeddings in NIST SRE18 and speakers in the wild evaluations[J].Computer Speech & Language,2020,60:101026. [5] FREDRIKSON M,JHA S,RISTENPART T.Model inversion attacks that exploit confidence information and basic countermeasures[C]//Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security.New York,USA:ACM Press,2015:1322-1333. [6] SZEGEDY C,ZAREMBA W,SUTSKEVER I,et al.Intriguing properties of neural networks[EB/OL].[2020-04-05].https://arxiv.org/pdf/1312.6199.pdf. [7] YUAN Xiaoyong,HE Pan,ZHU Qili,et al.Adversarial examples:attacks and defenses for deep learning[J].IEEE Transactions on Neural Networks and Learning Systems,2019,30(9):2805-2824. [8] LUO Yuan,WANG Boyu,CHEN Xu.Research progresses of target detection technology based on deep learning[J].Semiconductor Optoelectronics,2020,41(1):1-10.(in Chinese)罗元,王薄宇,陈旭.基于深度学习的目标检测技术的研究综述[J].半导体光电,2020,41(1):1-10. [9] KREUK F,ADI Y,CISSE M,et al.Fooling end-to-end speaker verification with adversarial examples[C]//Proceedings of 2018 IEEE International Conference on Acoustics,Speech and Signal Processing.Washington D.C.,USA:IEEE Press,2018:1962-1966. [10] LI Xu,ZHONG Jinghua,WU Xixin,et al.Adversarial attacks on GMM I-vector based speaker verification systems[C]//Proceedings of 2020 IEEE International Conference on Acoustics,Speech and Signal Processing.Washington D.C.,USA:IEEE Press,2020:6579-6583. [11] GOODFELLOW I J,SHLENS J,SZEGEDY C.Explaining and harnessing adversarial examples[EB/OL].[2020-04-05].https://arxiv.org/pdf/1412.6572.pdf. [12] PAPERNOT N,MCDANIEL P,JHA S,et al.The limitations of deep learning in adversarial settings[C]//Proceedings of 2016 IEEE European Symposium on Security and Privacy.Washington D.C.,USA:IEEE Press,2016:372-387. [13] KURAKIN A,GOODFELLOW I,BENGIO S.Adversarial examples in the physical world[EB/OL].[2020-04-05].https://arxiv.org/pdf/1607.02533.pdf?source=post_page. [14] CARLINI N,WAGNER D.Towards evaluating the robustness of neural networks[C]//Proceedings of 2017 IEEE Symposium on Security and Privacy.Washington D.C.,USA:IEEE Press,2017:39-57. [15] MADRY A,MAKELOV A,SCHMIDT L,et al.Towards deep learning models resistant to adversarial attacks[EB/OL].[2020-04-05].https://arxiv.org/pdf/1706.06083. [16] CHEN P Y,ZHANG H,SHARMA Y,et al.ZOO:zeroth order optimization based black-box attacks to deep neural networks without training substitute models[C]//Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security.New York,USA:ACM Press,2017:15-26. [17] CHEN J B,JORDAN M I,WAINWRIGHT M J.HopSkipJumpAttack:a query-efficient decision-based adversarial attack[EB/OL].[2020-04-05].https://arxiv.org/abs/1904.02144v1. [18] MOOSAVI-DEZFOOLI S M,FAWZI A,FROSSARD P.DeepFool:a simple and accurate method to fool deep neural networks[C]//Proceedings of IEEE Conference on Computer Vision and Pattern Recognition.Washington D.C.,USA:IEEE Press,2016:2574-2582. [19] CARLINI N,WAGNER D.Audio adversarial examples:targeted attacks on speech-to-text[C]//Proceedings of 2018 IEEE Security and Privacy Workshops.Washington D.C.,USA:IEEE Press,2018:1-7. [20] PAPERNOT N,MCDANIEL P,GOODFELLOW I,et al.Practical black-box attacks against machine learning[C]//Proceedings of 2017 ACM on Asia Conference on Computer and Communications Security.New York,USA:ACM Press,2017:506-519. [21] LAX P D,TERRELL M S.Calculus with applications[M].Berlin,Germany:Springer,2014. [22] BRENDEL W,RAUBER J,BETHGE M.Decision-based adversarial attacks:reliable attacks against black-box machine learning models[EB/OL].[2020-04-05].https://arxiv.org/pdf/1712.04248.pdf. [23] LI Chao,MA Xiaokong,JIANG Bing,et al.Deep speaker:an end-to-end neural speaker embedding system[EB/OL].[2020-04-05].https://blog.csdn.net/qq_34755941/article/details/109247992. [24] BU Hui,DU Jiayu,NA Xingyu,et al.AISHELL-1:an open-source mandarin speech corpus and a speech,recognition baseline[EB/OL].[2020-04-05].https://arxiv.org/pdf/1709.05522.pdf. [25] PANAYOTOV V,CHEN G G,POVEY D,et al.LIBRISPEECH:an ASR corpus based on public domain audio books[C]//Proceedings of IEEE International Conference on Acoustics,Speech and Signal Processing.Washington D.C.,USA:IEEE Press,2015:19-24. |