The rapid advancements in artificial intelligence have significantly accelerated the adoption of speech recognition technology, leading to its widespread integration across various applications. However, this surge in usage also highlights a critical issue: audio data is highly vulnerable to unauthorized exposure and analysis, posing significant privacy risks for businesses and individuals. This paper introduces an Information-Obfuscation Reversible Adversarial Example (IO-RAE) framework, the pioneering method designed to safeguard audio privacy using reversible adversarial examples. IO-RAE leverages large language models to generate misleading yet contextually coherent content, effectively preventing unauthorized eavesdropping by humans and Automatic Speech Recognition (ASR) systems. Additionally, we propose the Cumulative Signal Attack technique, which mitigates high-frequency noise and enhances attack efficacy by targeting low-frequency signals. Our approach ensures the protection of audio data without degrading its quality or usability. Experimental evaluations demonstrate the superiority of our method, achieving a targeted misguidance rate of 96.5% and a remarkable 100% untargeted misguidance rate in obfuscating target keywords across multiple ASR models, including a commercial black-box system from Google. Furthermore, the quality of the recovered audio, measured by the Perceptual Evaluation of Speech Quality score, reached 4.45, comparable to high-quality original recordings. Notably, the recovered audio processed by ASR systems exhibited an error rate of 0%, indicating nearly lossless recovery. These results highlight the practical applicability and effectiveness of our IO-RAE framework in protecting sensitive audio privacy.