The defender's perspective on automatic speaker verification: An overview

• URL: http://arxiv.org/abs/2305.12804v2
• Date: Sun, 25 Jun 2023 09:22:09 GMT
• Title: The defender's perspective on automatic speaker verification: An overview
• Authors: Haibin Wu, Jiawen Kang, Lingwei Meng, Helen Meng and Hung-yi Lee
• Abstract summary: The reliability of automatic speaker verification (ASV) has been undermined by the emergence of spoofing attacks. The aim of this paper is to provide a thorough and systematic overview of the defense methods used against these types of attacks.
• Score: 87.83259209657292
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Automatic speaker verification (ASV) plays a critical role in security-sensitive environments. Regrettably, the reliability of ASV has been undermined by the emergence of spoofing attacks, such as replay and synthetic speech, as well as adversarial attacks and the relatively new partially fake speech. While there are several review papers that cover replay and synthetic speech, and adversarial attacks, there is a notable gap in a comprehensive review that addresses defense against adversarial attacks and the recently emerged partially fake speech. Thus, the aim of this paper is to provide a thorough and systematic overview of the defense methods used against these types of attacks.

Related papers

• RSD-GAN: Regularized Sobolev Defense GAN Against Speech-to-Text Adversarial Attacks [9.868221447090853]
  This paper introduces a new synthesis-based defense algorithm for counteracting adversarial attacks developed for challenging the performance of speech-to-text transcription systems. Our algorithm implements a Sobolev-based GAN and proposes a novel regularizer for effectively controlling over the functionality of the entire generative model.
  arXiv  Detail & Related papers  (2022-07-14T12:22:19Z)
• Mel Frequency Spectral Domain Defenses against Adversarial Attacks on Speech Recognition Systems [33.21836814000979]
  This paper explores speech specific defenses using the mel spectral domain, and introduces a novel defense method called'mel domain noise flooding' (MDNF) MDNF applies additive noise to the mel spectrogram of a speech utterance prior to re-synthesising the audio signal. We test the defenses against strong white-box adversarial attacks such as projected gradient descent (PGD) and Carlini-Wagner (CW) attacks.
  arXiv  Detail & Related papers  (2022-03-29T06:58:26Z)
• Practical Attacks on Voice Spoofing Countermeasures [3.388509725285237]
  We show how a malicious actor may efficiently craft audio samples to bypass voice authentication in its strictest form. Our results call into question the security of modern voice authentication systems in light of the real threat of attackers bypassing these measures.
  arXiv  Detail & Related papers  (2021-07-30T14:07:49Z)
• Improving the Adversarial Robustness for Speaker Verification by Self-Supervised Learning [95.60856995067083]
  This work is among the first to perform adversarial defense for ASV without knowing the specific attack algorithms. We propose to perform adversarial defense from two perspectives: 1) adversarial perturbation purification and 2) adversarial perturbation detection. Experimental results show that our detection module effectively shields the ASV by detecting adversarial samples with an accuracy of around 80%.
  arXiv  Detail & Related papers  (2021-06-01T07:10:54Z)
• WaveGuard: Understanding and Mitigating Audio Adversarial Examples [12.010555227327743]
  We introduce WaveGuard: a framework for detecting adversarial inputs crafted to attack ASR systems. Our framework incorporates audio transformation functions and analyses the ASR transcriptions of the original and transformed audio to detect adversarial inputs.
  arXiv  Detail & Related papers  (2021-03-04T21:44:37Z)
• Defense for Black-box Attacks on Anti-spoofing Models by Self-Supervised Learning [71.17774313301753]
  We explore the robustness of self-supervised learned high-level representations by using them in the defense against adversarial attacks. Experimental results on the ASVspoof 2019 dataset demonstrate that high-level representations extracted by Mockingjay can prevent the transferability of adversarial examples.
  arXiv  Detail & Related papers  (2020-06-05T03:03:06Z)
• Defense against adversarial attacks on spoofing countermeasures of ASV [95.87555881176529]
  This paper introduces a passive defense method, spatial smoothing, and a proactive defense method, adversarial training, to mitigate the vulnerability of ASV spoofing countermeasure models. The experimental results show that these two defense methods positively help spoofing countermeasure models counter adversarial examples.
  arXiv  Detail & Related papers  (2020-03-06T08:08:54Z)
• Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks [65.20660287833537]
  In this paper we propose two extensions of the PGD-attack overcoming failures due to suboptimal step size and problems of the objective function. We then combine our novel attacks with two complementary existing ones to form a parameter-free, computationally affordable and user-independent ensemble of attacks to test adversarial robustness.
  arXiv  Detail & Related papers  (2020-03-03T18:15:55Z)
• Deflecting Adversarial Attacks [94.85315681223702]
  We present a new approach towards ending this cycle where we "deflect" adversarial attacks by causing the attacker to produce an input that resembles the attack's target class. We first propose a stronger defense based on Capsule Networks that combines three detection mechanisms to achieve state-of-the-art detection performance.
  arXiv  Detail & Related papers  (2020-02-18T06:59:13Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.