Malafide: a novel adversarial convolutive noise attack against deepfake and spoofing detection systems

Panariello, Michele; Ge, Wanying; Tak, Hemlata; Todisco, Massimiliano; Evans, Nicholas
INTERSPEECH 2023, 24th Conference of the International Speech Communication Association, 20-24 August 2023, Dublin, Ireland

We present Malafide, a universal adversarial attack against automatic speaker verification (ASV) spoofing countermeasures (CMs). By introducing convolutional noise using an optimised linear time-invariant filter, Malafide attacks can be used to compromise
CM reliability while preserving other speech attributes such as quality and the speaker’s voice. In contrast to other adversarial attacks proposed recently, Malafide filters are optimised independently of the input utterance and duration, are tuned instead to the underlying spoofing attack, and require the optimisation of only a small number of filter coefficients. Even so, they degrade CM performance estimates by an order of magnitude,
even in black-box settings, and can also be configured to overcome integrated CM and ASV subsystems. Integrated solutions that use self-supervised learning CMs, however, are
more robust, under both black-box and white-box settings. Index Terms: anti-spoofing, adversarial attacks, automatic speaker verification

DOI
HAL
Type:
Conférence
City:
Dublin
Date:
2023-08-20
Department:
Sécurité numérique
Eurecom Ref:
7337
Copyright:
© ISCA. Personal use of this material is permitted. The definitive version of this paper was published in INTERSPEECH 2023, 24th Conference of the International Speech Communication Association, 20-24 August 2023, Dublin, Ireland and is available at : http://dx.doi.org/10.21437/Interspeech.2023-703

PERMALINK : https://www.eurecom.fr/publication/7337