TL;DR
This paper evaluates the effectiveness of adversarial perturbations against voice cloning attacks under realistic threat models, proposing a two-stage purification method that improves disruption of voice cloning while highlighting the need for more robust defenses.
Contribution
It introduces a systematic evaluation of protective perturbations against voice cloning with realistic purification, and proposes a novel two-stage purification approach that outperforms existing methods.
Findings
Purification methods can neutralize many protective perturbations but cause feature distortions.
The proposed two-stage purification improves disruption of voice cloning.
Current adversarial defenses have limitations, requiring more robust solutions.
Abstract
The rapid advancement of speech generation models has heightened privacy and security concerns related to voice cloning (VC). Recent studies have investigated disrupting unauthorized voice cloning by introducing adversarial perturbations. However, determined attackers can mitigate these protective perturbations and successfully execute VC. In this study, we conduct the first systematic evaluation of these protective perturbations against VC under realistic threat models that include perturbation purification. Our findings reveal that while existing purification methods can neutralize a considerable portion of the protective perturbations, they still lead to distortions in the feature space of VC models, which degrades the performance of VC. From this perspective, we propose a novel two-stage purification method: (1) Purify the perturbed speech; (2) Refine it using phoneme guidance to…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
Taxonomy
MethodsALIGN
