Transferable Adversarial Attacks on Audio Deepfake Detection

TL;DR

This paper demonstrates that current audio deepfake detection systems are highly vulnerable to transferable adversarial attacks generated by a novel GAN-based framework, highlighting the need for improved robustness.

Contribution

It introduces a transferable GAN-based adversarial attack framework that effectively evaluates and exposes vulnerabilities of state-of-the-art audio deepfake detection methods.

Findings

Significant accuracy drops in SOTA ADD systems under attack

High-quality adversarial examples maintain transcription and perceptual integrity

Vulnerabilities are consistent across multiple datasets and attack scenarios

Abstract

Audio deepfakes pose significant threats, including impersonation, fraud, and reputation damage. To address these risks, audio deepfake detection (ADD) techniques have been developed, demonstrating success on benchmarks like ASVspoof2019. However, their resilience against transferable adversarial attacks remains largely unexplored. In this paper, we introduce a transferable GAN-based adversarial attack framework to evaluate the effectiveness of state-of-the-art (SOTA) ADD systems. By leveraging an ensemble of surrogate ADD models and a discriminator, the proposed approach generates transferable adversarial attacks that better reflect real-world scenarios. Unlike previous methods, the proposed framework incorporates a self-supervised audio model to ensure transcription and perceptual integrity, resulting in high-quality adversarial attacks. Experimental results on benchmark dataset reveal that SOTA ADD systems exhibit significant vulnerabilities, with accuracies dropping from 98% to 26%, 92% to 54%, and 94% to 84% in white-box, gray-box, and black-box scenarios, respectively. When tested in other data sets, performance drops of 91% to 46%, and 94% to 67% were observed against the In-the-Wild and WaveFake data sets, respectively. These results highlight the significant vulnerabilities of existing ADD systems and emphasize the need to enhance their robustness against advanced adversarial threats to ensure security and reliability.