Non-Intrusive speech quality assessment (NISQA) has gained significant attention for predicting the mean opinion score (MOS) of speech without requiring the reference speech. In practical NISQA scenarios, untrusted third-party resources are often employed during deep neural network training to reduce costs. However, it would introduce a potential security vulnerability as specially designed untrusted resources can launch backdoor attacks against NISQA systems. Existing backdoor attacks primarily focus on classification tasks and are not directly applicable to NISQA which is a regression task. In this paper, we propose a novel backdoor attack on NISQA tasks, leveraging presence events as triggers to achieving highly stealthy attacks. To evaluate the effectiveness of our proposed approach, we conducted experiments on four benchmark datasets and employed two state-of-the-art NISQA models. The results demonstrate that the proposed backdoor attack achieved an average attack success rate of up to 99% with a poisoning rate of only 3%.

翻译：非侵入式语音质量评估（NISQA）因无需参考语音即可预测平均意见得分（MOS）而受到广泛关注。在实际NISQA场景中，深度神经网络训练常借助不可信的第三方资源以降低成本，然而这引入了潜在安全漏洞——精心设计的不可信资源可对NISQA系统发动后门攻击。现有后门攻击主要针对分类任务，无法直接应用于作为回归任务的NISQA。本文提出一种针对NISQA任务的新型后门攻击方法，利用存在事件作为触发器实现高度隐蔽的攻击。为评估所提方法有效性，我们在四个基准数据集上开展实验，并采用两种最先进的NISQA模型。结果表明，所提后门攻击在仅3%的投毒率下实现了高达99%的平均攻击成功率。