Adversarial Sample Detection for Speaker Verification by Neural Vocoders
This addresses a security vulnerability in ASV systems used for biometric identification, though it is an incremental approach as it adapts existing neural vocoders for detection.
The paper tackles the problem of detecting adversarial samples in automatic speaker verification (ASV) by using neural vocoders to re-synthesize audio and comparing ASV scores, achieving effective detection performance that outperforms baselines like the Griffin-Lim algorithm in all settings.
Automatic speaker verification (ASV), one of the most important technology for biometric identification, has been widely adopted in security-critical applications. However, ASV is seriously vulnerable to recently emerged adversarial attacks, yet effective countermeasures against them are limited. In this paper, we adopt neural vocoders to spot adversarial samples for ASV. We use the neural vocoder to re-synthesize audio and find that the difference between the ASV scores for the original and re-synthesized audio is a good indicator for discrimination between genuine and adversarial samples. This effort is, to the best of our knowledge, among the first to pursue such a technical direction for detecting time-domain adversarial samples for ASV, and hence there is a lack of established baselines for comparison. Consequently, we implement the Griffin-Lim algorithm as the detection baseline. The proposed approach achieves effective detection performance that outperforms the baselines in all the settings. We also show that the neural vocoder adopted in the detection framework is dataset-independent. Our codes will be made open-source for future works to do fair comparison.