Scalable Ensemble-based Detection Method against Adversarial Attacks for speaker verification
This work addresses security vulnerabilities in speaker verification systems, offering an incremental improvement to mitigate adversarial threats.
This paper tackles the problem of adversarial attacks in automatic speaker verification by proposing an ensemble method that integrates advanced purification modules for detection, achieving state-of-the-art performance in countering adversarial noise.
Automatic speaker verification (ASV) is highly susceptible to adversarial attacks. Purification modules are usually adopted as a pre-processing step to mitigate adversarial noise. However, they are commonly implemented across diverse experimental settings, rendering direct comparisons challenging. This paper comprehensively compares mainstream purification techniques in a unified framework. We find these methods often face a trade-off between user experience and security, as they struggle to simultaneously maintain genuine sample performance and reduce adversarial perturbations. To address this challenge, some efforts have extended purification modules to encompass detection capabilities, aiming to alleviate the trade-off. However, more advanced purification modules will always emerge and surpass previous detection methods. As a result, we further propose an easy-to-follow ensemble approach that integrates advanced purification modules for detection, achieving state-of-the-art (SOTA) performance in countering adversarial noise. Our ensemble method has great potential due to its compatibility with future advanced purification techniques.