Malafide: a novel adversarial convolutive noise attack against deepfake and spoofing detection systems

Authors: Michele Panariello, Wanying Ge, Hemlata Tak, Massimiliano Todisco, Nicholas Evans

Published: 2023-06-13 09:52:44+00:00

AI Summary

The paper introduces Malafide, a universal adversarial attack against automatic speaker verification (ASV) spoofing countermeasures (CMs). Malafide uses optimized linear time-invariant filters to introduce convolutional noise, degrading CM performance significantly while preserving speech quality, even in black-box settings.

Abstract

We present Malafide, a universal adversarial attack against automatic speaker verification (ASV) spoofing countermeasures (CMs). By introducing convolutional noise using an optimised linear time-invariant filter, Malafide attacks can be used to compromise CM reliability while preserving other speech attributes such as quality and the speaker's voice. In contrast to other adversarial attacks proposed recently, Malafide filters are optimised independently of the input utterance and duration, are tuned instead to the underlying spoofing attack, and require the optimisation of only a small number of filter coefficients. Even so, they degrade CM performance estimates by an order of magnitude, even in black-box settings, and can also be configured to overcome integrated CM and ASV subsystems. Integrated solutions that use self-supervised learning CMs, however, are more robust, under both black-box and white-box settings.