Voting for the right answer: Adversarial defense for speaker verification
This addresses security risks in biometric identification for applications like banking and access control, but it is incremental as it builds on existing defense strategies.
The paper tackles the vulnerability of automatic speaker verification (ASV) to adversarial attacks by proposing a 'voting for the right answer' method using random sampling and voting, which improves robustness by pulling adversarial samples out of blind spots and increasing attackers' budgets.
Automatic speaker verification (ASV) is a well developed technology for biometric identification, and has been ubiquitous implemented in security-critic applications, such as banking and access control. However, previous works have shown that ASV is under the radar of adversarial attacks, which are very similar to their original counterparts from human's perception, yet will manipulate the ASV render wrong prediction. Due to the very late emergence of adversarial attacks for ASV, effective countermeasures against them are limited. Given that the security of ASV is of high priority, in this work, we propose the idea of "voting for the right answer" to prevent risky decisions of ASV in blind spot areas, by employing random sampling and voting. Experimental results show that our proposed method improves the robustness against both the limited-knowledge attackers by pulling the adversarial samples out of the blind spots, and the perfect-knowledge attackers by introducing randomness and increasing the attackers' budgets.