Adversarial Transformation of Spoofing Attacks for Voice Biometrics

@article{Alans2021AdversarialTO,
  title={Adversarial Transformation of Spoofing Attacks for Voice Biometrics},
  author={Alejandro G{\'o}mez Alan{\'i}s and Jos{\'e} A. Gonz{\'a}lez and Antonio M. Peinado},
  journal={IberSPEECH 2021},
  year={2021}
}
Voice biometric systems based on automatic speaker verification (ASV) are exposed to spoofing attacks which may compromise their security. To increase the robustness against such attacks, anti-spoofing or presentation attack detection (PAD) systems have been proposed for the detection of replay, synthesis and voice conversion based attacks. Recently, the scientific community has shown that PAD systems are also vulnerable to adversarial attacks. However, to the best of our knowledge, no previous… 

Figures and Tables from this paper

GANBA: Generative Adversarial Network for Biometric Anti-Spoofing

TLDR
A new generative adversarial network for biometric anti-spoofing (GANBA) is proposed, able to generate adversarial spoofing attacks which can fool the complete voice biometric system and the resulting PAD discriminators of the proposed GANBA can be used as a defense technique for detecting both original and adversarial prank attacks.

References

SHOWING 1-10 OF 27 REFERENCES

On Joint Optimization of Automatic Speaker Verification and Anti-Spoofing in the Embedding Space

TLDR
This work develops a new integration neural network which jointly processes the embeddings extracted from ASV and anti-spoofing systems in order to detect both zero-effort impostors and spoofing attacks.

Adversarial Attacks on Spoofing Countermeasures of Automatic Speaker Verification

TLDR
This paper investigates the vulnerability of spoofing countermeasures for ASV under both white-box and black-box adversarial attacks with the fast gradient sign method (FGSM) and the projected gradient descent (PGD) method and shows all implemented countermeasure models are vulnerable to FGSM and PGD attacks.

Black-Box Attacks on Spoofing Countermeasures Using Transferability of Adversarial Examples

TLDR
Spoofing countermeasure models are also vulnerable to black-box attacks, so an iterative ensemble method (IEM) combined with MI-FGSM could effectively generate adversarial examples with higher transferability.

ASVspoof 2019: A large-scale public database of synthesized, converted and replayed speech

A Kernel Density Estimation Based Loss Function and its Application to ASV-Spoofing Detection

TLDR
A new concept of loss function for training DNNs which is based on kernel density estimation (KDE) techniques is developed and shows that training a DNN based anti-spoofing system with the proposed loss functions clearly outperforms the performance of the same system being trained with other well-known loss functions.

Performance evaluation of front- and back-end techniques for ASV spoofing detection systems based on deep features

TLDR
An extensive empirical investigation on the speech features and back-end classifiers providing the best overall performance for an antispoofing system based on a deep learning framework shows that classical FBANK features and Linear Discriminant Analysis (LDA) obtain the best performance for the proposed system.

The ASVspoof 2017 Challenge: Assessing the Limits of Replay Spoofing Attack Detection

TLDR
The database, protocols and initial protocols for the development of replay attack countermeasures for ASVspoof 2017 are described, indicating that the quest for countermeasures which are resilient in the face of variable replay attacks remains very much alive.

A Gated Recurrent Convolutional Neural Network for Robust Spoofing Detection

TLDR
This work proposes the use of Gated Recurrent Convolutional Neural Networks (GRCNNs) as a deep feature extractor to robustly represent speech signals as utterance-level embeddings, which are later used by a back-end recognizer for the final genuine/spoofed classification.

ASVspoof 2019: Future Horizons in Spoofed and Fake Audio Detection

TLDR
The 2019 database, protocols and challenge results are described, and major findings which demonstrate the real progress made in protecting against the threat of spoofing and fake audio are outlined.

A Deep Identity Representation for Noise Robust Spoofing Detection

TLDR
A deep learning framework to extract spoofing identity vectors, as well as the use of soft missing-data masks are proposed, which clearly outperforms other methods recently proposed such as the popular CQCC+GMM system or other similar deep feature systems for both seen and unseen noisy conditions.