E2E-VGuard: Adversarial Prevention for Production LLM-based End-To-End Speech Synthesis

TL;DR

E2E-VGuard is a novel security framework designed to protect end-to-end speech synthesis systems from adversarial attacks, especially in LLM-based and ASR-driven scenarios, by safeguarding timbre and pronunciation imperceptibly.

Contribution

The paper introduces E2E-VGuard, a proactive defense mechanism specifically tailored for end-to-end speech synthesis systems against emerging adversarial threats in LLM and ASR contexts.

Findings

Effective protection of timbre and pronunciation demonstrated across multiple synthesizers.

Successful disruption of adversarial attacks in real-world deployment.

Robustness validated on Chinese and English datasets.

Abstract

Recent advancements in speech synthesis technology have enriched our daily lives, with high-quality and human-like audio widely adopted across real-world applications. However, malicious exploitation like voice-cloning fraud poses severe security risks. Existing defense techniques struggle to address the production large language model (LLM)-based speech synthesis. While previous studies have considered the protection for fine-tuning synthesizers, they assume manually annotated transcripts. Given the labor intensity of manual annotation, end-to-end (E2E) systems leveraging automatic speech recognition (ASR) to generate transcripts are becoming increasingly prevalent, e.g., voice cloning via commercial APIs. Therefore, this E2E speech synthesis also requires new security mechanisms. To tackle these challenges, we propose E2E-VGuard, a proactive defense framework for two emerging threats: (1) production LLM-based speech synthesis, and (2) the novel attack arising from ASR-driven E2E scenarios. Specifically, we employ the encoder ensemble with a feature extractor to protect timbre, while ASR-targeted adversarial examples disrupt pronunciation. Moreover, we incorporate the psychoacoustic model to ensure perturbative imperceptibility. For a comprehensive evaluation, we test 16 open-source synthesizers and 3 commercial APIs across Chinese and English datasets, confirming E2E-VGuard's effectiveness in timbre and pronunciation protection. Real-world deployment validation is also conducted. Our code and demo page are available at https://wxzyd123.github.io/e2e-vguard/.