Examining Vulnerability of Voice Verification Systems to Spoofing Attacks by Means of a TTS System

Shchemelinin, Vadim; Simonchik, Konstantin

doi:10.1007/978-3-319-01931-4_18

Cited by 17 publications

(6 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Automatic speaker verification (ASV) systems aim at confirming a claimed speaker identity against a spoken utterance, which has been widely applied into commercial devices and authorization tools. However, it is also broadly noticed that malicious attacks can easily degrade a well-developed ASV system, and such attacks may be classified into impersonation [1], replay [1], voice conversion (VC) [2], text-to-speech [3] synthesis (TTS) and the recently emerged adversarial attacks [4,5].…”

Section: Introductionmentioning

confidence: 99%

Replay and Synthetic Speech Detection with Res2Net Architecture

Weng

et al. 2021

ICASSP 2021 - 2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)

106

View full text Add to dashboard Cite

Existing approaches for replay and synthetic speech detection still lack generalizability to unseen spoofing attacks. This work proposes to leverage a novel model structure, so-called Res2Net, to improve the anti-spoofing countermeasure's generalizability. Res2Net mainly modifies the ResNet block to enable multiple feature scales. Specifically, it splits the feature maps within one block into multiple channel groups and designs a residual-like connection across different channel groups. Such connection increases the possible receptive fields, resulting in multiple feature scales. This multiple scaling mechanism significantly improves the countermeasure's generalizability to unseen spoofing attacks. It also decreases the model size compared to ResNet-based models. Experimental results show that the Res2Net model consistently outperforms ResNet34 and ResNet50 by a large margin in both physical access (PA) and logical access (LA) of the ASVspoof 2019 corpus. Moreover, integration with the squeeze-and-excitation (SE) block can further enhance performance. For feature engineering, we investigate the generalizability of Res2Net combined with different acoustic features, and observe that the constant-Q transform (CQT) achieves the most promising performance in both PA and LA scenarios. Our best single system outperforms other state-of-the-art single systems in both PA and LA of the ASVspoof 2019 corpus.

show abstract

Section: Introductionmentioning

confidence: 99%

Replay and Synthetic Speech Detection with Res2Net Architecture

Weng

et al. 2021

ICASSP 2021 - 2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)

106

View full text Add to dashboard Cite

show abstract

“…However, past research has shown that ASV systems are vulnerable to malicious attacks via spoofing and fake speech, such as imitated [1,2], replayed [2,3], synthetic [4,5] and converted [6] speech. These spoofing and fake speech are created to sound like the voice of the target person as much as possible.…”

Section: Introductionmentioning

confidence: 99%

Adversarial Attacks on GMM I-Vector Based Speaker Verification Systems

Zhong

et al. 2020

ICASSP 2020 - 2020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)

View full text Add to dashboard Cite

This work investigates the vulnerability of Gaussian Mixture Model (GMM) i-vector based speaker verification (SV) systems to adversarial attacks, and the transferability of adversarial samples crafted from GMM i-vector based systems to x-vector based systems. In detail, we formulate the GMM i-vector based system as a scoring function, and leverage the fast gradient sign method (FGSM) to generate adversarial samples through this function. These adversarial samples are used to attack both GMM i-vector and x-vector based systems. We measure the vulnerability of the systems by the degradation of equal error rate and false acceptance rate. Experimental results show that GMM i-vector based systems are seriously vulnerable to adversarial attacks, and the generated adversarial samples are proved to be transferable and pose threats to neural network speaker embedding based systems (e.g. x-vector systems).

show abstract

“…Spoofing attacks on automatic speaker verification (ASV) have attracted ever-increasing security concerns in recent years, as they pose serious threats to essential applications of ASV, such as e-banking authentication, device activation, etc. These attacks can be categorized into human impersonation [1,2], audio replay [3,4], synthetic speech [5,6] and the recently emerged adversarial attacks [7][8][9][10][11][12].…”

Section: Introductionmentioning

confidence: 99%

Channel-wise Gated Res2Net: Towards Robust Detection of Synthetic Speech Attacks

Li¹,

Wu²,

Lu³

et al. 2021

Preprint

View full text Add to dashboard Cite

Existing approaches for anti-spoofing in automatic speaker verification (ASV) still lack generalizability to unseen attacks. The Res2Net approach designs a residual-like connection between feature groups within one block, which increases the possible receptive fields and improves the system's detection generalizability. However, such a residual-like connection is performed by a direct addition between feature groups without channelwise priority. We argue that the information across channels may not contribute to spoofing cues equally, and the less relevant channels are expected to be suppressed before adding onto the next feature group, so that the system can generalize better to unseen attacks. This argument motivates the current work that presents a novel, channel-wise gated Res2Net (CG-Res2Net), which modifies Res2Net to enable a channel-wise gating mechanism in the connection between feature groups. This gating mechanism dynamically selects channel-wise features based on the input, to suppress the less relevant channels and enhance the detection generalizability. Three gating mechanisms with different structures are proposed and integrated into Res2Net. Experimental results conducted on ASVspoof 2019 logical access (LA) demonstrate that the proposed CG-Res2Net significantly outperforms Res2Net on both the overall LA evaluation set and individual difficult unseen attacks, which also outperforms other state-of-the-art single systems, depicting the effectiveness of our method.

show abstract

Examining Vulnerability of Voice Verification Systems to Spoofing Attacks by Means of a TTS System

Cited by 17 publications

References 3 publications

Replay and Synthetic Speech Detection with Res2Net Architecture

Replay and Synthetic Speech Detection with Res2Net Architecture

Adversarial Attacks on GMM I-Vector Based Speaker Verification Systems

Channel-wise Gated Res2Net: Towards Robust Detection of Synthetic Speech Attacks

Contact Info

Product

Resources

About