D-CAPTCHA++: A Study of Resilience of Deepfake CAPTCHA under Transferable Imperceptible Adversarial Attack

TL;DR

This paper evaluates the vulnerability of a deepfake CAPTCHA system against transferable imperceptible adversarial attacks and proposes an improved, more robust version called D-CAPTCHA++ using adversarial training.

Contribution

The study identifies vulnerabilities in D-CAPTCHA and introduces D-CAPTCHA++ with enhanced robustness through adversarial training techniques.

Findings

D-CAPTCHA is vulnerable to transferable imperceptible adversarial attacks.

Adversarial training significantly improves the robustness of D-CAPTCHA++.

The enhanced system better detects deepfake audio under adversarial conditions.

Abstract

The advancements in generative AI have enabled the improvement of audio synthesis models, including text-to-speech and voice conversion. This raises concerns about its potential misuse in social manipulation and political interference, as synthetic speech has become indistinguishable from natural human speech. Several speech-generation programs are utilized for malicious purposes, especially impersonating individuals through phone calls. Therefore, detecting fake audio is crucial to maintain social security and safeguard the integrity of information. Recent research has proposed a D-CAPTCHA system based on the challenge-response protocol to differentiate fake phone calls from real ones. In this work, we study the resilience of this system and introduce a more robust version, D-CAPTCHA++, to defend against fake calls. Specifically, we first expose the vulnerability of the D-CAPTCHA system under transferable imperceptible adversarial attack. Secondly, we mitigate such vulnerability by improving the robustness of the system by using adversarial training in D-CAPTCHA deepfake detectors and task classifiers.