TL;DR
This paper investigates the vulnerability of deep speaker recognition systems to adversarial attacks and evaluates defense strategies, finding that adversarial training with PGD is the most effective method for enhancing robustness.
Contribution
It provides a comprehensive analysis of adversarial attacks and defenses in speaker recognition, including experimental comparisons and ablation studies, which are limited in existing research.
Findings
Adversarial attacks can reduce speaker recognition accuracy from 94% to 0%.
Adversarial training with PGD is the most effective defense method.
Speaker recognition systems are highly vulnerable to adversarial perturbations.
Abstract
Robust speaker recognition, including in the presence of malicious attacks, is becoming increasingly important and essential, especially due to the proliferation of several smart speakers and personal agents that interact with an individual's voice commands to perform diverse, and even sensitive tasks. Adversarial attack is a recently revived domain which is shown to be effective in breaking deep neural network-based classifiers, specifically, by forcing them to change their posterior distribution by only perturbing the input samples by a very small amount. Although significant progress in this realm has been made in the computer vision domain, advances within speaker recognition are still limited. The present expository paper considers several state-of-the-art adversarial attacks to a deep speaker recognition system, employing strong defense methods as countermeasures, and reporting on…
