On the Detection of Adaptive Adversarial Attacks in Speaker Verification Systems

TL;DR

This paper introduces MEH-FEST, a fast and effective detector for identifying FAKEBOB adversarial attacks in speaker verification systems by analyzing high-frequency energy, achieving near-zero false positives and negatives.

Contribution

The paper proposes MEH-FEST, a novel, simple, and efficient detection method for adversarial attacks in speaker verification, and explores adaptive attack strategies and countermeasures.

Findings

MEH-FEST achieves near-zero false positive and false negative rates.

The detector is fast, easy to implement, and effective against FAKEBOB attacks.

Adaptive attacks against MEH-FEST are analyzed, highlighting the ongoing security game.

Abstract

Speaker verification systems have been widely used in smart phones and Internet of things devices to identify legitimate users. In recent work, it has been shown that adversarial attacks, such as FAKEBOB, can work effectively against speaker verification systems. The goal of this paper is to design a detector that can distinguish an original audio from an audio contaminated by adversarial attacks. Specifically, our designed detector, called MEH-FEST, calculates the minimum energy in high frequencies from the short-time Fourier transform of an audio and uses it as a detection metric. Through both analysis and experiments, we show that our proposed detector is easy to implement, fast to process an input audio, and effective in determining whether an audio is corrupted by FAKEBOB attacks. The experimental results indicate that the detector is extremely effective: with near zero false positive and false negative rates for detecting FAKEBOB attacks in Gaussian mixture model (GMM) and i-vector speaker verification systems. Moreover, adaptive adversarial attacks against our proposed detector and their countermeasures are discussed and studied, showing the game between attackers and defenders.