Adversarial Attacks on GMM i-vector based Speaker Verification Systems
This addresses security risks in speaker verification systems for applications like authentication, but it is incremental as it applies known adversarial attack methods to a specific domain.
This work investigated the vulnerability of GMM i-vector based speaker verification systems to adversarial attacks using FGSM, showing that these systems are seriously vulnerable, with adversarial samples also transferring to x-vector systems, as measured by degradation in equal error rate and false acceptance rate.
This work investigates the vulnerability of Gaussian Mixture Model (GMM) i-vector based speaker verification systems to adversarial attacks, and the transferability of adversarial samples crafted from GMM i-vector based systems to x-vector based systems. In detail, we formulate the GMM i-vector system as a scoring function of enrollment and testing utterance pairs. Then we leverage the fast gradient sign method (FGSM) to optimize testing utterances for adversarial samples generation. These adversarial samples are used to attack both GMM i-vector and x-vector systems. We measure the system vulnerability by the degradation of equal error rate and false acceptance rate. Experiment results show that GMM i-vector systems are seriously vulnerable to adversarial attacks, and the crafted adversarial samples prove to be transferable and pose threats to neuralnetwork speaker embedding based systems (e.g. x-vector systems).