Malafide: a novel adversarial convolutive noise attack against deepfake and spoofing detection systems

Add code
Jun 13, 2023
Michele Panariello, Wanying Ge, Hemlata Tak, Massimiliano Todisco, Nicholas Evans
Figure 1 for Malafide: a novel adversarial convolutive noise attack against deepfake and spoofing detection systems
Figure 2 for Malafide: a novel adversarial convolutive noise attack against deepfake and spoofing detection systems
Figure 3 for Malafide: a novel adversarial convolutive noise attack against deepfake and spoofing detection systems
Figure 4 for Malafide: a novel adversarial convolutive noise attack against deepfake and spoofing detection systems

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

We present Malafide, a universal adversarial attack against automatic speaker verification (ASV) spoofing countermeasures (CMs). By introducing convolutional noise using an optimised linear time-invariant filter, Malafide attacks can be used to compromise CM reliability while preserving other speech attributes such as quality and the speaker's voice. In contrast to other adversarial attacks proposed recently, Malafide filters are optimised independently of the input utterance and duration, are tuned instead to the underlying spoofing attack, and require the optimisation of only a small number of filter coefficients. Even so, they degrade CM performance estimates by an order of magnitude, even in black-box settings, and can also be configured to overcome integrated CM and ASV subsystems. Integrated solutions that use self-supervised learning CMs, however, are more robust, under both black-box and white-box settings.

* Accepted at INTERSPEECH 2023  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon