Transferability of Adversarial Attacks on Synthetic Speech Detection
Jiacheng Deng, Shunyi Chen, Li Dong, Diqun Yan, Rangding Wang
TL;DR
This paper evaluates how adversarial attacks transfer across different feature types and settings in synthetic speech detection, revealing vulnerabilities and guiding future defenses.
Contribution
It provides a comprehensive benchmark analyzing transferability of adversarial attacks across features, hyperparameters, and operations in synthetic speech detection.
Findings
Transferability varies across feature types.
Hyperparameters significantly affect attack transferability.
Clipping and self-padding influence attack success rates.
Abstract
Synthetic speech detection is one of the most important research problems in audio security. Meanwhile, deep neural networks are vulnerable to adversarial attacks. Therefore, we establish a comprehensive benchmark to evaluate the transferability of adversarial attacks on the synthetic speech detection task. Specifically, we attempt to investigate: 1) The transferability of adversarial attacks between different features. 2) The influence of varying extraction hyperparameters of features on the transferability of adversarial attacks. 3) The effect of clipping or self-padding operation on the transferability of adversarial attacks. By performing these analyses, we summarise the weaknesses of synthetic speech detectors and the transferability behaviours of adversarial attacks, which provide insights for future research. More details can be found at…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Speech Recognition and Synthesis