Malafide: a novel adversarial convolutive noise attack against deepfake and spoofing detection systems
This addresses security vulnerabilities in deepfake and spoofing detection systems, presenting a novel attack method with incremental improvements over prior adversarial approaches.
The authors tackled the problem of compromising automatic speaker verification spoofing countermeasures by introducing Malafide, a universal adversarial attack using convolutional noise, which degraded countermeasure performance by an order of magnitude in black-box settings.
We present Malafide, a universal adversarial attack against automatic speaker verification (ASV) spoofing countermeasures (CMs). By introducing convolutional noise using an optimised linear time-invariant filter, Malafide attacks can be used to compromise CM reliability while preserving other speech attributes such as quality and the speaker's voice. In contrast to other adversarial attacks proposed recently, Malafide filters are optimised independently of the input utterance and duration, are tuned instead to the underlying spoofing attack, and require the optimisation of only a small number of filter coefficients. Even so, they degrade CM performance estimates by an order of magnitude, even in black-box settings, and can also be configured to overcome integrated CM and ASV subsystems. Integrated solutions that use self-supervised learning CMs, however, are more robust, under both black-box and white-box settings.