Probabilistic Verification of Voice Anti-Spoofing Models

TL;DR

This paper introduces PV-VASM, a probabilistic framework that verifies the robustness of voice anti-spoofing models against various speech synthesis attacks and input perturbations, providing formal guarantees.

Contribution

The paper presents PV-VASM, a model-agnostic probabilistic method that estimates misclassification probabilities and offers robustness verification for voice anti-spoofing models against unseen techniques.

Findings

Effective verification of robustness against TTS and VC attacks

Theoretical upper bounds on misclassification error

Validated across diverse experimental settings

Abstract

Recent advances in generative models have amplified the risk of malicious misuse of speech synthesis technologies, enabling adversaries to impersonate target speakers and access sensitive resources. Although speech deepfake detection has progressed rapidly, most existing countermeasures lack formal robustness guarantees or fail to generalize to unseen generation techniques. We propose PV-VASM, a probabilistic framework for verifying the robustness of voice anti-spoofing models (VASMs). PV-VASM estimates the probability of misclassification under text-to-speech (TTS), voice cloning (VC), and parametric signal transformations. The approach is model-agnostic and enables robustness verification against unseen speech synthesis techniques and input perturbations. We derive a theoretical upper bound on the error probability and validate the method across diverse experimental settings, demonstrating its effectiveness as a practical robustness verification tool.