SD, CR, LG, AS | Feb 29, 2024

Unraveling Adversarial Examples against Speaker Identification -- Techniques for Attack Detection and Victim Model Classification

arXiv:2402.19355v1 | 1 citations | h-index: 47 | Odyssey
Originality: Incremental advance
AI Analysis

This work addresses security vulnerabilities in speaker identification systems, though it is incremental as it builds upon prior research on attack detection and classification.

The paper tackles the problem of adversarial examples threatening speaker identification systems by proposing methods for detecting these attacks and classifying the victim models, achieving an AUC of 0.982 for detection and accuracies of 86.48% for attack classification and 72.28% for victim model classification.

Adversarial examples have proven to threaten speaker identification systems, and several countermeasures against them have been proposed. In this paper, we propose a method to detect the presence of adversarial examples, i.e., a binary classifier distinguishing between benign and adversarial examples. We build upon and extend previous work on attack type classification by exploring new architectures. Additionally, we introduce a method for identifying the victim model on which the adversarial attack is carried out. To achieve this, we generate a new dataset containing multiple attacks performed against various victim models. We achieve an AUC of 0.982 for attack detection, with no more than a 0.03 drop in performance for unknown attacks. Our attack classification accuracy (excluding benign) reaches 86.48% across eight attack types using our LightResNet34 architecture, while our victim model classification accuracy reaches 72.28% across four victim models.
