π€ AI Summary
This work addresses the underexplored vulnerability of speech emotion recognition (SER) systems to backdoor attacks, particularly when trained on text-to-speech (TTS)-synthesized data. It presents the first systematic investigation of backdoor threats in SER, introducing a stealthy, low-energy acoustic trigger that can be imperceptibly embedded into both natural and TTS-generated speech. By integrating self-supervised acoustic representation learning with backdoor transfer techniques, the proposed method achieves high attack success rates even under extremely low poisoning ratios, while preserving near-original model performance on clean inputs. Extensive experiments demonstrate that the designed trigger exhibits strong generalization and cross-model transferability, revealing the heightened susceptibility of self-supervised representations to backdoor manipulation.
π Abstract
Speech Emotion Recognition (SER) systems increasingly leverage self-supervised acoustic representations, yet their vulnerability to training-time attacks remains largely underexplored. This paper presents the first systematic study of poisoning-based backdoor attacks on SER, with a focus on threats enabled by text-to-speech (TTS) generated audio. We introduce a stealthy, low-energy acoustic trigger that can be embedded imperceptibly into both natural and synthetic speech, enabling scalable and consistent poisoning. Our experiments demonstrate that SER models can be reliably compromised with high attack success rates under low poisoning ratios, while maintaining near-clean performance on benign inputs. We further show that backdoor patterns exhibit strong cross-model transferability and that self-supervised representations are particularly susceptible to learning these triggers. These findings reveal that TTS technology dramatically lowers the barrier to effective backdoor attacks, exposing critical vulnerabilities in modern SER pipelines and motivating the urgent need for dedicated defenses.