Attacking Voice Anonymization Systems with Augmented Feature and Speaker Identity Difference

TL;DR

This paper presents DA-SID, an attacker system that combines data augmentation and speaker identity difference techniques to effectively break voice anonymization, achieving top performance in the ICASSP 2025 challenge.

Contribution

It introduces a novel attacker framework that integrates data augmentation and PLDA-based speaker difference enhancement for voice anonymization attacks.

Findings

Outperforms baseline in speaker verification accuracy

Achieves top-5 ranking in ICASSP 2025 challenge

Demonstrates robustness against various anonymization methods

Abstract

This study focuses on the First VoicePrivacy Attacker Challenge within the ICASSP 2025 Signal Processing Grand Challenge, which aims to develop speaker verification systems capable of determining whether two anonymized speech signals are from the same speaker. However, differences between feature distributions of original and anonymized speech complicate this task. To address this challenge, we propose an attacker system that combines Data Augmentation enhanced feature representation and Speaker Identity Difference enhanced classifier to improve verification performance, termed DA-SID. Specifically, data augmentation strategies (i.e., data fusion and SpecAugment) are utilized to mitigate feature distribution gaps, while probabilistic linear discriminant analysis (PLDA) is employed to further enhance speaker identity difference. Our system significantly outperforms the baseline, demonstrating exceptional effectiveness and robustness against various voice anonymization systems, ultimately securing a top-5 ranking in the challenge.