Yang Xie,Zhenchuan Zhang,Yingchun Yang

DOI: https://doi.org/10.21437/Interspeech.2021-847

2021-01-01

Abstract:Automatic speaker verification is vulnerable to spoofing attacks with synthesized or converted speech. Although high-performance anti-spoofing countermeasures can achieve high accuracy when the training and testing spoofing attack examples are similarly distributed, their performance degrades significantly when confronted with out-of-distribution spoofing speech, which is created by increasingly advanced unseen speech synthesis and voice conversion methods. Since it is unrealistic to collect enough labeled data from each new spoofing attack method, we argue that addressing the problem of out-of-distribution generalization for spoofing speech detection is essential. In this work, we propose a two-phase representation learning system based on a Siamese network for spoofing speech detection tasks. During the representation learning phase, an embedding Siamese neural network is trained with the wav2vec features to distinguish whether the speech samples in a pair belong to the same category. The proposed system decreases the equal error rate from the state-of-the-art result of 4:07% to 1:15% on the ASVspoof 2019 evaluation set.

Xu Li,Na Li,Chao Weng,Xunying Liu,Dan Su,Dong Yu,Helen Meng

DOI: https://doi.org/10.48550/arXiv.2010.15006

2021-02-14

Abstract:Existing approaches for replay and synthetic speech detection still lack generalizability to unseen spoofing attacks. This work proposes to leverage a novel model structure, so-called Res2Net, to improve the anti-spoofing countermeasure's generalizability. Res2Net mainly modifies the ResNet block to enable multiple feature scales. Specifically, it splits the feature maps within one block into multiple channel groups and designs a residual-like connection across different channel groups. Such connection increases the possible receptive fields, resulting in multiple feature scales. This multiple scaling mechanism significantly improves the countermeasure's generalizability to unseen spoofing attacks. It also decreases the model size compared to ResNet-based models. Experimental results show that the Res2Net model consistently outperforms ResNet34 and ResNet50 by a large margin in both physical access (PA) and logical access (LA) of the ASVspoof 2019 corpus. Moreover, integration with the squeeze-and-excitation (SE) block can further enhance performance. For feature engineering, we investigate the generalizability of Res2Net combined with different acoustic features, and observe that the constant-Q transform (CQT) achieves the most promising performance in both PA and LA scenarios. Our best single system outperforms other state-of-the-art single systems in both PA and LA of the ASVspoof 2019 corpus.

Audio and Speech Processing,Artificial Intelligence

Pengfei Liu,Zhenchuan Zhang,Yingchun Yang

DOI: https://doi.org/10.1109/ijcnn52387.2021.9534312

2021-01-01

Abstract:State-of-the-art spoofing speech detection methods highly depend on hand-crafted features like LFCC, MFCC, CQCC, FFT spectrum, etc. But almost for all the features, during extracting procedure, some information will be lost permanently, which may be of vital importance to spoofing detection task. Most speeches on the web, are often accompanied by music or noise. Using monaural speech separation to get human voice and then doing spoofing detection later may be a natural idea, but it has two shortcomings: two models must be trained, and during first separation step, some voice will be filtered out while noise will be kept. In this paper, we propose an end-to-end anti-spoofing model which fully consists of one-dimensional convolutional neural networks for spoofing detection under noisy conditions. The proposed system achieved an EER of 1.50% on the ASVspoof2019 logical access evaluation set. Under noisy conditions, we proposed a novel approach based on knowledge distillation, and our proposed method achieved great performance improvements compared to multi-condition training method.

Xin Fang,Haijia Du,Tian Gao,Liang Zou,Zhenhua Ling

DOI: https://doi.org/10.1145/3503181.3503218

2021-01-01

Abstract:The natural-sounding speech produced by recent text-to-speech and voice conversion techniques pose serious threats to automatic speaker verification systems. The majority of existing spoofing detection countermeasures perform well when the nature of the attacks is known during training. However, their performance in realistic applications degrades in dealing with unseen types of attacks. To address this concern, we propose a novel method for spoof detection, namely Dual Path Res2Net (DP-Res2Net) to improve the robustness to unknown attacks. As to the feature engineering, we employ the time domain features rather than the commonly-used frequency domain ones. We directly input the time domain features of 80,000 sampling points into the network. The input features are further processed by shallow feature learning module, interactive feature learning module, deep feature learning module as well as the discriminator network. The dual-path residual-like block exploit the dependence between successive pieces of audios with large receptive fields. Furthermore, the proposed DP-Res2Net significantly improves the model’s generalizability to unseen spoofing attacks. We evaluate the performance of the proposed method over public-available ASVspoof 2019 logic access evaluation set, and the results demonstrate that it outperforms state-of-the-art audio spoof detection models.

Zhenchun Lei,Hui Yan,Changhong Liu,Minglei Ma,Yingen Yang

DOI: https://doi.org/10.1109/ICASSP43922.2022.9746163

2024-07-08

Abstract:The automatic speaker verification system is sometimes vulnerable to various spoofing attacks. The 2-class Gaussian Mixture Model classifier for genuine and spoofed speech is usually used as the baseline for spoofing detection. However, the GMM classifier does not separately consider the scores of feature frames on each Gaussian component. In addition, the GMM accumulates the scores on all frames independently, and does not consider their correlations. We propose the two-path GMM-ResNet and GMM-SENet models for spoofing detection, whose input is the Gaussian probability features based on two GMMs trained on genuine and spoofed speech respectively. The models consider not only the score distribution on GMM components, but also the relationship between adjacent frames. A two-step training scheme is applied to improve the system robustness. Experiments on the ASVspoof 2019 show that the LFCC+GMM-ResNet system can relatively reduce min-tDCF and EER by 76.1% and 76.3% on logical access scenario compared with the GMM, and the LFCC+GMM-SENet system by 94.4% and 95.4% on physical access scenario. After score fusion, the systems give the second-best results on both scenarios.

Sound,Audio and Speech Processing

Kexu Liu,Yuanxin Wang,Shengchen Li,Xi Shao

DOI: https://doi.org/10.21437/interspeech.2024-292

2024-01-01

Abstract:Existing synthetic speech detection systems struggle with high variance of performance in different spoofing attacks. This is due to the diversity of unseen synthesis algorithms, making it challenging for the system to generalize unseen spoofing attacks. To address this, we propose multi-view features with one-class learning for synthetic speech detection. The key idea is to capture bona-fide speech features from dynamic information of formants and XLS-R dimensions, aiming to compactly represent bona-fide speech in the embedding space without the need to fit various unseen spoofing attacks. To leverage multi-view features, the dynamic information of formants is integrated with XLS-R features using a parallel attention mechanism and gating modulation. Our system achieves an equal error rate (EER) of 0.39% in the ASVspoof 2019 logical access scenario, demonstrating a low performance variance of 0.069 across all 13 attacks, outperforming most mainstream single-systems.

Hefei Ling,Leichao Huang,Junrui Huang,Baiyan Zhang,Ping Li

DOI: https://doi.org/10.21437/interspeech.2021-1404

2021-01-01

Abstract:In recent years, automatic speaker verification (ASV) algorithms have undergone significant progress. They have been widely deployed in different applications, but the ASV systems are vulnerable to spoofing attacks, such as impersonation, replay, text-to-speech, voice conversion and the recently emerged adversarial attacks. To improve the robustness of the ASV system, researchers have designed anti-spoofing systems to resist spoofing attacks. While previously proposed systems have shown to be effective for spoof attacks detection, they are all ensemble methods based on different speech representations and architectures at the cost of increased model complexity, with similar performance not being achieved with single systems. This paper proposes an attention-based single convolutional neural network to learn discriminative feature embedding for spoof detection, achieving performance comparable to ensemble methods. The key idea is to decrease the information redundancy among channels and focus on the most informative sub-bands of speech representations. The experiments show that our proposed single system achieves an equal error rate of 1.87% on the evaluation set of ASVspoof 2019 Challenge, outperforming all single systems and comparable to the second-ranked system (EER 1.86%) among all known systems.

Ivan Himawan,Srikanth Madikeri,Petr Motlicek,Milos Cernak,Sridha Sridharan,Clinton Fookes

DOI: https://doi.org/10.1007/978-3-319-92627-8_17

2019-01-01

Abstract:Current state-of-the-art automatic speaker verification (ASV) systems are prone to spoofing. The security and reliability of ASV systems can be threatened by different types of spoofing attacks using voice conversion, synthetic speech, or recorded passphrase. It is therefore essential to develop countermeasure techniques which can detect such spoofed speech. Inspired by the success of deep learning approaches in various classification tasks, this work presents an in-depth study of convolutional neural networks (CNNs) for spoofing detection in automatic speaker verification (ASV) systems. Specifically, we have compared the use of three different CNNs architectures: AlexNet, CNNs with max-feature-map activation, and an ensemble of standard CNNs for developing spoofing countermeasures, and discussed their potential to avoid overfitting due to small amounts of training data that is usually available in this task. We used popular deep learning toolkits for the system implementation and have released the implementation code of our methods publicly. We have evaluated the proposed countermeasure systems for detecting replay attacks on recently released spoofing corpora ASVspoof 2017, and also provided in-depth visual analyses of CNNs to aid for future research in this area.

Lei Wang,Benedict Yeoh,Jun Wah Ng

DOI: https://doi.org/10.48550/arXiv.2210.03581

2022-11-30

Abstract:Synthetic voice and splicing audio clips have been generated to spoof Internet users and artificial intelligence (AI) technologies such as voice authentication. Existing research work treats spoofing countermeasures as a binary classification problem: bonafide vs. spoof. This paper extends the existing Res2Net by involving the recent Conformer block to further exploit the local patterns on acoustic features. Experimental results on ASVspoof 2019 database show that the proposed SE-Res2Net-Conformer architecture is able to improve the spoofing countermeasures performance for the logical access scenario. In addition, this paper also proposes to re-formulate the existing audio splicing detection problem. Instead of identifying the complete splicing segments, it is more useful to detect the boundaries of the spliced segments. Moreover, a deep learning approach can be used to solve the problem, which is different from the previous signal processing techniques.

Audio and Speech Processing,Computation and Language,Cryptography and Security

Zhenyu Wang,John H.L. Hansen

DOI: https://doi.org/10.1109/ACCESS.2024.3421281

2024-08-24

Abstract:Advances in automatic speaker verification (ASV) promote research into the formulation of spoofing detection systems for real-world applications. The performance of ASV systems can be degraded severely by multiple types of spoofing attacks, namely, synthetic speech (SS), voice conversion (VC), replay, twins and impersonation, especially in the case of unseen synthetic spoofing attacks. A reliable and robust spoofing detection system can act as a security gate to filter out spoofing attacks instead of having them reach the ASV system. A weighted additive angular margin loss is proposed to address the data imbalance issue, and different margins has been assigned to improve generalization to unseen spoofing attacks in this study. Meanwhile, we incorporate a meta-learning loss function to optimize differences between the embeddings of support versus query set in order to learn a spoofing-category-independent embedding space for utterances. Furthermore, we craft adversarial examples by adding imperceptible perturbations to spoofing speech as a data augmentation strategy, then we use an auxiliary batch normalization (BN) to guarantee that corresponding normalization statistics are performed exclusively on the adversarial examples. Additionally, A simple attention module is integrated into the residual block to refine the feature extraction process. Evaluation results on the Logical Access (LA) track of the ASVspoof 2019 corpus provides confirmation of our proposed approaches' effectiveness in terms of a pooled EER of 0.87%, and a min t-DCF of 0.0277. These advancements offer effective options to reduce the impact of spoofing attacks on voice recognition/authentication systems.

Sound,Artificial Intelligence,Audio and Speech Processing

Zheng Wang,Sanshuai Cui,Xiangui Kang,Wei Sun,Zhonghua Li

2020-01-01

Abstract:Anti-spoofing has attracted increasing attention since the inauguration of the ASVspoof Challenges, due to the fact that automatic speaker verification (ASV) systems are vulnerable to spoofing attacks. The latest ASVspoof 2019 Challenge was dedicated to addressing attacks in three major classes: speech synthesis, voice conversion, and replay audio. In this paper, we propose a novel method that includes feature extraction, a densely connected convolutional network, and fusion strategies to answer the ASVspoof 2019 Challenge and to defend against spoofing attacks. Features are extracted using different algorithms and then fed separately into variants of our model, which differ only in terms of the kernel size of the global average pooling layer. A dense connectivity pattern with better parameter efficiency is introduced to the proposed network to strengthen the propagation of the audio features. The experimental results show that the proposed method improves the tandem decision cost function and equal error rate scores by 75% and 78%, respectively, in the logical access challenge. In the physical access challenge, the proposed method improves the t-DCF and EER scores by 73% and 72%, respectively, compared with state-of-the-art methods.

Xingliang Cheng,Mingxing Xu,Thomas Fang Zheng

DOI: https://doi.org/10.1109/APSIPAASC47483.2019.9023158

2019-01-01

Abstract:Automatic Speaker Verification (ASV) technology is vulnerable to various kinds of spoofing attacks, including speech synthesis, voice conversion, and replay. Among them, the replay attack is easy to implement, posing a more severe threat to ASV. The constant-Q cepstrum coefficient (CQCC) feature is effective for detecting the replay attacks, but it only utilizes the magnitude of constant-Q transform (CQT) and discards the phase information. Meanwhile, the commonly used Gaussian mixture model (GMM) cannot model the reverberation present in far-field recordings. In this paper, we incorporate the CQT and modified group delay function (MGD) in order to utilize the phase of CQT. Also, we present a simple 2D-convolution multi-branch network architecture for replay detection, which can model the distortion both in the time and frequency domains. The experiment shows that the proposed CQT-based MGD feature outperforms traditional MGD feature, and performance can be further improved by combining both magnitude-based and phase-based feature. Our best fusion system achieves 0.0096 min-tDCF and 0.39% EER on ASVspoof 2019 Physical Access evaluation set. Comparing with the CQCC-GMM baseline system provided by the organizer, the min-tDCF is relatively reduced by 96.09% and EER is relatively reduced by 96.46%. Our system is submitted to the ASVspoof 2019 Physical Access sub-challenge and won 1st place.

Minjiao Yang,Kangfeng Zheng,Xiujuan Wang,Yudao Sun,Zhe Chen

DOI: https://doi.org/10.1109/lsp.2023.3311367

2023-01-01

IEEE Signal Processing Letters

Abstract:Popular topics in the field of countermeasures include feature engineering and neural-network-based models, which involve neural network architectures and loss criteria. This study focuses on Res2Net and its variant models to examine the impact of model generalization on countermeasure performance in the ASVspoof 2019 logical access and physical access scenarios. Results reveal that while Res2Net exhibits superior generalization compared to its variants, the most effective countermeasure combines both feature engineering and model optimization. The proposed dynamic modulated-Res2Net utilizes channel-wise soft attention to recalibrate feature maps, offering adaptive adjustments to spoofing cues of varying scales. Evaluation on the logical access dataset demonstrates dynamic modulated-Res2Net's relative improvement of over 38% compared to Res2Net. Furthermore, we exploit low-frequency features and combine them with dynamic modulated-Res2Net to achieve in an equal error rate of 1.21% under logical access and 0.41% under physical access, establishing our proposed dynamic modulated-Res2Net as one of the top-performing single systems. Additionally, we compare the best countermeasures in different scenarios, highlighting the ongoing challenge of achieving generalization.

Zhenchun Lei,Hui Yan,Changhong Liu,Yong Zhou,Minglei Ma

DOI: https://doi.org/10.1109/ICASSP48485.2024.10447628

2024-07-02

Abstract:Deep learning models are widely used for speaker recognition and spoofing speech detection. We propose the GMM-ResNet2 for synthesis speech detection. Compared with the previous GMM-ResNet model, GMM-ResNet2 has four improvements. Firstly, the different order GMMs have different capabilities to form smooth approximations to the feature distribution, and multiple GMMs are used to extract multi-scale Log Gaussian Probability features. Secondly, the grouping technique is used to improve the classification accuracy by exposing the group cardinality while reducing both the number of parameters and the training time. The final score is obtained by ensemble of all group classifier outputs using the averaging method. Thirdly, the residual block is improved by including one activation function and one batch normalization layer. Finally, an ensemble-aware loss function is proposed to integrate the independent loss functions of all ensemble members. On the ASVspoof 2019 LA task, the GMM-ResNet2 achieves a minimum t-DCF of 0.0227 and an EER of 0.79\%. On the ASVspoof 2021 LA task, the GMM-ResNet2 achieves a minimum t-DCF of 0.2362 and an EER of 2.19\%, and represents a relative reductions of 31.4\% and 76.3\% compared with the LFCC-LCNN baseline.

Sound,Audio and Speech Processing

Heinrich Dinkel,Yanmin Qian,Kai Yu

DOI: https://doi.org/10.1109/taslp.2018.2851155

2018-01-01

IEEE/ACM Transactions on Audio Speech and Language Processing

Abstract:Recent advances in automatic speaker verification (ASV) lead to an increased interest in securing these systems for real-world applications. Malicious spoofing attempts against ASV systems can lead to serious security breaches. A spoofing attack within the context of ASV is a condition in which a (potentially harmful) person successfully masks as another, to the ASV system already known person by falsifying or manipulating data. While most previous work focuses on enhanced, spoof-aware features, end-to-end models can be a potential alternative. In this paper, we investigate the training of a raw wave front-ends for deep convolutional, long short-term memory (LSTM) and vanilla neural networks, which are analyzed for their suitability toward spoofing detection, regarding the influence of frame size, number of output neurons, and sequence length. A joint convolutional LSTM neural network (CLDNN) is proposed, which outperforms previous attempts on the BTAS2016 dataset (0.82% -> 0.19% HTER), placing itself as the current state-of-the-art model for the dataset. We show that end-to-end approaches a re appropriate for the important replay detection task and show that the proposed model is capable of distinguishing device-invariant spoofing attempts. Regarding the ASVspoof2015 dataset, the end-to-end solution achieves an equal error rate (ERR) of 0.00% for the S1-S9 conditions. We show that the end-to-end approach based on a raw waveform input can outperform common cepstral features, without the use of context-dependent frame extensions. In addition, a cross-database (domain mismatch) scenario is also evaluated, which shows that the proposed CLDNN model trained on the BTAS2016 dataset achieves an EER of 25.7% on the ASVspoof2015 dataset.

Xingliang Cheng,Mingxing Xu,Thomas Fang Zheng

DOI: https://doi.org/10.1017/ATSIP.2020.26

2020-01-01

APSIPA Transactions on Signal and Information Processing

Abstract:Nowadays, the security of ASV systems is increasingly gaining attention. As one of the common spoofing methods, replay attacks are easy to implement but difficult to detect. Many researchers focus on designing various features to detect the distortion of replay attack attempts. Constant-Q cepstral coefficients (CQCC), based on the magnitude of the constant-Q transform (CQT), is one of the striking features in the field of replay detection. However, it ignores phase information, which may also be distorted in the replay processes. In this work, we propose a CQT-based modified group delay feature (CQTMGD) which can capture the phase information of CQT. Furthermore, a multi-branch residual convolution network, ResNeWt, is proposed to distinguish replay attacks from bonafide attempts. We evaluated our proposal in the ASVspoof 2019 physical access dataset. Results show that CQTMGD outperformed the traditional MGD feature, and the fusion with other magnitude-based and phase-based features achieved a further improvement. Our best fusion system achieved 0.0096 min-tDCF and 0.39% EER on the evaluation set and it outperformed all the other state-of-the-art methods in the ASVspoof 2019 physical access challenge.

Hongwei Luo,Yijie Shen,Feng Lin,Guoai Xu

DOI: https://doi.org/10.1155/2021/6664578

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:Speaker verification system has gained great popularity in recent years, especially with the development of deep neural networks and Internet of Things. However, the security of speaker verification system based on deep neural networks has not been well investigated. In this paper, we propose an attack to spoof the state-of-the-art speaker verification system based on generalized end-to-end (GE2E) loss function for misclassifying illegal users into the authentic user. Specifically, we design a novel loss function to deploy a generator for generating effective adversarial examples with slight perturbation and then spoof the system with these adversarial examples to achieve our goals. The success rate of our attack can reach 82% when cosine similarity is adopted to deploy the deep-learning-based speaker verification system. Beyond that, our experiments also reported the signal-to-noise ratio at 76 dB, which proves that our attack has higher imperceptibility than previous works. In summary, the results show that our attack not only can spoof the state-of-the-art neural-network-based speaker verification system but also more importantly has the ability to hide from human hearing or machine discrimination.

Chang Zeng,Xiaoxiao Miao,Xin Wang,Erica Cooper,Junichi Yamagishi

2024-09-10

Abstract:In real-world applications, it is challenging to build a speaker verification system that is simultaneously robust against common threats, including spoofing attacks, channel mismatch, and domain mismatch. Traditional automatic speaker verification (ASV) systems often tackle these issues separately, leading to suboptimal performance when faced with simultaneous challenges. In this paper, we propose an integrated framework that incorporates pair-wise learning and spoofing attack simulation into the meta-learning paradigm to enhance robustness against these multifaceted threats. This novel approach employs an asymmetric dual-path model and a multi-task learning strategy to handle ASV, anti-spoofing, and spoofing-aware ASV tasks concurrently. A new testing dataset, CNComplex, is introduced to evaluate system performance under these combined threats. Experimental results demonstrate that our integrated model significantly improves performance over traditional ASV systems across various scenarios, showcasing its potential for real-world deployment. Additionally, the proposed framework's ability to generalize across different conditions highlights its robustness and reliability, making it a promising solution for practical ASV applications.

Audio and Speech Processing,Sound

Cemal Hanilci,Tomi Kinnunen,Md Sahidullah,Aleksandr Sizov

DOI: https://doi.org/10.48550/arXiv.1603.03947

2016-09-15

Abstract:Automatic speaker verification (ASV) technology is recently finding its way to end-user applications for secure access to personal data, smart services or physical facilities. Similar to other biometric technologies, speaker verification is vulnerable to spoofing attacks where an attacker masquerades as a particular target speaker via impersonation, replay, text-to-speech (TTS) or voice conversion (VC) techniques to gain illegitimate access to the system. We focus on TTS and VC that represent the most flexible, high-end spoofing attacks. Most of the prior studies on synthesized or converted speech detection report their findings using high-quality clean recordings. Meanwhile, the performance of spoofing detectors in the presence of additive noise, an important consideration in practical ASV implementations, remains largely unknown. To this end, we analyze the suitability of state-of-the-art synthetic speech detectors under additive noise with a special focus on front-end features. Our comparison includes eight acoustic feature sets, five related to spectral magnitude and three to spectral phase information. Our extensive experiments on ASVSpoof 2015 corpus reveal several important findings. Firstly, all the countermeasures break down even at relatively high signal-to-noise ratios (SNRs) and fail to generalize to noisy conditions. Secondly, speech enhancement is not found helpful. Thirdly, GMM back-end generally outperforms the more involved i-vector back-end. Fourthly, concerning the compared features, the Mel-frequency cepstral coefficients (MFCCs) and subband spectral centroid magnitude coefficients (SCMCs) perform the best on average though the winner method depends on SNR and noise type. Finally, a study with two score fusion strategies shows that combining different feature based systems improves recognition accuracy for known and unknown attacks in both clean and noisy conditions.

Sound

Yanmin Qian,Nanxin Chen,Heinrich Dinkel,Zhizheng Wu

DOI: https://doi.org/10.1109/taslp.2017.2732162

2017-01-01

IEEE/ACM Transactions on Audio Speech and Language Processing

Abstract:Spoofing detection for automatic speaker verification (ASV) aims to discriminate between genuine and spoofed speech. This topic has received increased attentions recently due to safety concerns with deploying an ASV system. While the performance of spoofing detection has improved significantly in clean condition in recent studies, the performance degrades dramatically in noisy conditions. To address this issue, in this paper, we propose to extract robust and discriminative deep features by using deep learning techniques for spoofing detection. In particular, we employ deep feedforward, recurrent, and convolutional neural networks to extract discriminative features. We also introduce multicondition training, noise-aware training, and annealed dropout training to make neural networks more robust against noise and to avoid overfitting to specific spoofing attacks and noise types. The proposed neural networks and training techniques are combined into a single framework for spoofing detection. Experimental evaluation is carried out on a noisy version of the standard ASVspoof 2015 corpus, including both additive noisy and reverberant scenarios. Experimental results confirm that the proposed system dramatically decreases averaged equal error rates from 19.1% and 22.6% to 3.2% and 5.1% for seen and unseen noisy conditions, respectively.