Ruiwen He,Yushi Cheng,Zhicong Zheng,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/jiot.2024.3406962

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Due to the open nature of voice and voice interface, an adversary can spoof voice recognition systems by replaying pre-recorded voice commands from legitimate users, known as the voice replay attack. Existing detection methods against voice replay attacks mainly rely on extra hardware to determine the sound source or require excessive computing resources to train a classifier with abundant acoustic features. In this paper, we propose Anti-Replay, a fast and lightweight detection system for voice replay attacks. To overcome the challenge of redundant classification features and complex calculation, we first investigate the time-frequency spectrum difference between the genuine human voice and the replayed audio caused by the non-linear distortion of the attacker’s microphones and speakers. Then, we design 5 types with a total of 77 features in both the time and frequency domains and propose a convolutional neural network classifier SE-ResNet50 for attack detection. Evaluations against the datasets of ASVspoof2017, ASVspoof2019, and ASVspoof2021 demonstrate that Anti-Replay can achieve an average equal error rate (EER) of 1.36% across three datasets. Meanwhile, Anti-Replay decreases the training time by 52.3% and 90.2% and decreases the model size by 83.5% and 99.9% compared with the baseline model CQCC-GMM and the state-of-the-art method Res2Net. We have also confirmed that our system is effective in detecting the adaptive replay attack.

J. Epps,E. Ambikairajah,Buddhi Wickramasinghe,P. Le

DOI: https://doi.org/10.1109/ICIAFS.2018.8913356

2018-12-01

Abstract:Automatic speaker verification systems play a significant role among current biometric authentication systems. However, they have become vulnerable to various types of malicious spoofing attacks with the increasing popularity. These attacks include identical twins, impersonation, speech synthesis, voice conversion and replay. Recent studies have highlighted the need for developing more effective and robust countermeasures for replay attacks, which can be very challenging to detect. However, replayed speech has shown some frequency band-based differences to non-replayed speech signals. This paper intends to capture these differences using multiple perceptual filter banks to extract a spectral centroid magnitude feature for replay attack detection. The paper further highlights the need for custom filter banks rather than using already available filter banks for enhancing the replay attack detection performance.

Computer Science

Meng Liu,Longbiao Wang,Jianwu Dang,Kong Aik Lee,Seiichi Nakagawa

DOI: https://doi.org/10.1016/j.csl.2020.101161

2021-03-01

Abstract:<p>Replay attacks pose the most severe threat to automatic speaker verification systems among various spoofing attacks. In this paper, we propose a novel feature extraction method that leverages both the phase-based and magnitude-based features. The proposed method fully utilizes the subband information and the complementary information from the phase and magnitude spectra. First, we conduct a discriminative performance analysis on full frequency bands via the F-ratio method. Then, variable-frequency resolution features are extracted via several techniques to capture highly discriminative information on frequency bands. Finally, complementary information from the phase and magnitude domains are fused to achieve higher performance. The results on the ASVspoof 2017 database demonstrate that our proposed frequency adaptive features attain relative error reduction rates of 83.4% and 62.3% on the development and evaluation datasets, respectively, compared to the baseline method.</p>

computer science, artificial intelligence

Yang Xie,Zhenchuan Zhang,Yingchun Yang

DOI: https://doi.org/10.21437/Interspeech.2021-847

2021-01-01

Abstract:Automatic speaker verification is vulnerable to spoofing attacks with synthesized or converted speech. Although high-performance anti-spoofing countermeasures can achieve high accuracy when the training and testing spoofing attack examples are similarly distributed, their performance degrades significantly when confronted with out-of-distribution spoofing speech, which is created by increasingly advanced unseen speech synthesis and voice conversion methods. Since it is unrealistic to collect enough labeled data from each new spoofing attack method, we argue that addressing the problem of out-of-distribution generalization for spoofing speech detection is essential. In this work, we propose a two-phase representation learning system based on a Siamese network for spoofing speech detection tasks. During the representation learning phase, an embedding Siamese neural network is trained with the wav2vec features to distinguish whether the speech samples in a pair belong to the same category. The proposed system decreases the equal error rate from the state-of-the-art result of 4:07% to 1:15% on the ASVspoof 2019 evaluation set.

Jianan Ji,Yang Xie,Yingchun Yang

DOI: https://doi.org/10.1109/smc53992.2023.10393996

2023-01-01

Abstract:High-performance anti-spoofing countermeasures (CMs) have been widely used to protect automatic speaker verification systems by identifying and filtering spoofing speech. However, their performance degrades severely when confronted with out-of-domain (OOD) samples. To solve this issue, recent papers investigate the strategy that a CM can opt for abstention when it is not confident about the decision. In this paper, we develop an effective approach to enhance the performance of CMs with abstention. Specifically, we introduce supervised contrastive learning to group samples into known classes more tightly and employ data augmentation to enhance the diversity of known samples. The experiments are conducted on ASV spoof 2019 logical access corpus and another test set consisting of different OOD samples from other databases. With our scheme, CMs with abstention can achieve an equal error rate (EER) of 1.84 % on the LA test set and 0.86 % on the other test set. These results demonstrate that CMs trained with our approach show better OOD detection performance and can make more confident decisions.

Cemal Hanilci,Tomi Kinnunen,Md Sahidullah,Aleksandr Sizov

DOI: https://doi.org/10.48550/arXiv.1603.03947

2016-09-15

Abstract:Automatic speaker verification (ASV) technology is recently finding its way to end-user applications for secure access to personal data, smart services or physical facilities. Similar to other biometric technologies, speaker verification is vulnerable to spoofing attacks where an attacker masquerades as a particular target speaker via impersonation, replay, text-to-speech (TTS) or voice conversion (VC) techniques to gain illegitimate access to the system. We focus on TTS and VC that represent the most flexible, high-end spoofing attacks. Most of the prior studies on synthesized or converted speech detection report their findings using high-quality clean recordings. Meanwhile, the performance of spoofing detectors in the presence of additive noise, an important consideration in practical ASV implementations, remains largely unknown. To this end, we analyze the suitability of state-of-the-art synthetic speech detectors under additive noise with a special focus on front-end features. Our comparison includes eight acoustic feature sets, five related to spectral magnitude and three to spectral phase information. Our extensive experiments on ASVSpoof 2015 corpus reveal several important findings. Firstly, all the countermeasures break down even at relatively high signal-to-noise ratios (SNRs) and fail to generalize to noisy conditions. Secondly, speech enhancement is not found helpful. Thirdly, GMM back-end generally outperforms the more involved i-vector back-end. Fourthly, concerning the compared features, the Mel-frequency cepstral coefficients (MFCCs) and subband spectral centroid magnitude coefficients (SCMCs) perform the best on average though the winner method depends on SNR and noise type. Finally, a study with two score fusion strategies shows that combining different feature based systems improves recognition accuracy for known and unknown attacks in both clean and noisy conditions.

Sound

Syed Faham Ali Zaidi,Longting Xu

DOI: https://doi.org/10.1088/1742-6596/2224/1/012119

2022-04-01

Journal of Physics: Conference Series

Abstract:Abstract The ASVspoof challenge sequences were proposed to lead the research in anti-spoofing to a new level for automatic speaker verification (ASV). It’s verified that constant Q cepstral coefficients (CQCC) processes speech in variable frequencies with adjustable resolution and outperforms the other generally used features and Linear Frequency Cepstral Coefficient (LFCC) is used in high-frequency areas. The feature selection algorithm is offered to decrease computational complexity and overfitting for spoofed utterance detection. Precisely, there’s a demand for feature selection algorithms that are computationally effective and sensitive to feature interactions so that useful features aren’t falsely excluded during the ranking process. We experiment on the ASVspoof 2019 challenge for the assessment of spoofing countermeasures. After the evaluation of our given algorithms and data gives us an equal error rate (EER) and tandem discovery cost function (t-DCF) values. Experimental results on ASVspoof 2019 physical access referring to multiple feature selection approaches show a breakthrough compared to the baseline.

Xingliang Cheng,Mingxing Xu,Thomas Fang Zheng

DOI: https://doi.org/10.1109/APSIPAASC47483.2019.9023158

2019-01-01

Abstract:Automatic Speaker Verification (ASV) technology is vulnerable to various kinds of spoofing attacks, including speech synthesis, voice conversion, and replay. Among them, the replay attack is easy to implement, posing a more severe threat to ASV. The constant-Q cepstrum coefficient (CQCC) feature is effective for detecting the replay attacks, but it only utilizes the magnitude of constant-Q transform (CQT) and discards the phase information. Meanwhile, the commonly used Gaussian mixture model (GMM) cannot model the reverberation present in far-field recordings. In this paper, we incorporate the CQT and modified group delay function (MGD) in order to utilize the phase of CQT. Also, we present a simple 2D-convolution multi-branch network architecture for replay detection, which can model the distortion both in the time and frequency domains. The experiment shows that the proposed CQT-based MGD feature outperforms traditional MGD feature, and performance can be further improved by combining both magnitude-based and phase-based feature. Our best fusion system achieves 0.0096 min-tDCF and 0.39% EER on ASVspoof 2019 Physical Access evaluation set. Comparing with the CQCC-GMM baseline system provided by the organizer, the min-tDCF is relatively reduced by 96.09% and EER is relatively reduced by 96.46%. Our system is submitted to the ASVspoof 2019 Physical Access sub-challenge and won 1st place.

Yifeng Wang,Yong Liu,Peng Gao,Yujun Wang

DOI: https://doi.org/10.1145/3458380.3458426

2021-02-26

Abstract:The spoofing clues with reverberation, channel and environmental noise are intertwined with the genuine speaker voice, making the task for replay attack detection challenging. In this study, we propose a novel approach to make full use of the replay clues of a whole utterance, by separately extracting different features from voiced and non-voiced segments and training separate Gaussian Mixed Models. First, a joint voice activity detector is adopted to get accurate boundaries of the different segments. Then this paper extracts Constant-Q Cepstral Coefficients and Inverse Mel Frequency Cepstral Coefficients from voiced and non-voiced segments respectively. Finally, a Score Calibrator Toolkit is used to fuse the scores of voiced and non-voiced segments. The result on evaluation set of ASVspoof 2017 V2.0 corpus shows that our proposed method yields an 18.4% relative reduction in equal error ratecompared to the CQCC-CMVN baseline system.

Awais Khan,Khalid Mahmood Malik,Shah Nawaz

2023-09-18

Abstract:Voice spoofing attacks pose a significant threat to automated speaker verification systems. Existing anti-spoofing methods often simulate specific attack types, such as synthetic or replay attacks. However, in real-world scenarios, the countermeasures are unaware of the generation schema of the attack, necessitating a unified solution. Current unified solutions struggle to detect spoofing artifacts, especially with recent spoofing mechanisms. For instance, the spoofing algorithms inject spectral or temporal anomalies, which are challenging to identify. To this end, we present a spectra-temporal fusion leveraging frame-level and utterance-level coefficients. We introduce a novel local spectral deviation coefficient (SDC) for frame-level inconsistencies and employ a bi-LSTM-based network for sequential temporal coefficients (STC), which capture utterance-level artifacts. Our spectra-temporal fusion strategy combines these coefficients, and an auto-encoder generates spectra-temporal deviated coefficients (STDC) to enhance robustness. Our proposed approach addresses multiple spoofing categories, including synthetic, replay, and partial deepfake attacks. Extensive evaluation on diverse datasets (ASVspoof2019, ASVspoof2021, VSDC, partial spoofs, and in-the-wild deepfakes) demonstrated its robustness for a wide range of voice applications.

Sound,Computers and Society,Audio and Speech Processing

Ivan Himawan,Srikanth Madikeri,Petr Motlicek,Milos Cernak,Sridha Sridharan,Clinton Fookes

DOI: https://doi.org/10.1007/978-3-319-92627-8_17

2019-01-01

Abstract:Current state-of-the-art automatic speaker verification (ASV) systems are prone to spoofing. The security and reliability of ASV systems can be threatened by different types of spoofing attacks using voice conversion, synthetic speech, or recorded passphrase. It is therefore essential to develop countermeasure techniques which can detect such spoofed speech. Inspired by the success of deep learning approaches in various classification tasks, this work presents an in-depth study of convolutional neural networks (CNNs) for spoofing detection in automatic speaker verification (ASV) systems. Specifically, we have compared the use of three different CNNs architectures: AlexNet, CNNs with max-feature-map activation, and an ensemble of standard CNNs for developing spoofing countermeasures, and discussed their potential to avoid overfitting due to small amounts of training data that is usually available in this task. We used popular deep learning toolkits for the system implementation and have released the implementation code of our methods publicly. We have evaluated the proposed countermeasure systems for detecting replay attacks on recently released spoofing corpora ASVspoof 2017, and also provided in-depth visual analyses of CNNs to aid for future research in this area.

Sarfaraz Jelil,Rohit Sinha,S. R. Mahadeva Prasanna

DOI: https://doi.org/10.1109/lsp.2024.3370490

2024-03-09

IEEE Signal Processing Letters

Abstract:The role of pitch-synchronous source features in the detection of replay attacks on speaker verification systems has been explored earlier. This letter presents some advancements in the processing which enable the use of the entire source signal as well as better capture of the source dynamics. The resulting features are used to develop replay attack detection systems using both the Gaussian mixture model and ResNet-18 classifiers. The performances of these systems are evaluated on the physical attack subset of the ASVSpoof 2019 database. In a similar setup, the proposed features are noted to yield quite competitive performance compared to some of the existing replay attack detection features.

engineering, electrical & electronic

Shu Wang,Jiahao Cao,Xu He,Kun Sun,Qi Li

DOI: https://doi.org/10.1145/3372297.3417254

2020-09-02

Abstract:Automatic speech recognition (ASR) systems have been widely deployed in modern smart devices to provide convenient and diverse voice-controlled services. Since ASR systems are vulnerable to audio replay attacks that can spoof and mislead ASR systems, a number of defense systems have been proposed to identify replayed audio signals based on the speakers' unique acoustic features in the frequency domain. In this paper, we uncover a new type of replay attack called modulated replay attack, which can bypass the existing frequency domain based defense systems. The basic idea is to compensate for the frequency distortion of a given electronic speaker using an inverse filter that is customized to the speaker's transform characteristics. Our experiments on real smart devices confirm the modulated replay attacks can successfully escape the existing detection mechanisms that rely on identifying suspicious features in the frequency domain. To defeat modulated replay attacks, we design and implement a countermeasure named DualGuard. We discover and formally prove that no matter how the replay audio signals could be modulated, the replay attacks will either leave ringing artifacts in the time domain or cause spectrum distortion in the frequency domain. Therefore, by jointly checking suspicious features in both frequency and time domains, DualGuard can successfully detect various replay attacks including the modulated replay attacks. We implement a prototype of DualGuard on a popular voice interactive platform, ReSpeaker Core v2. The experimental results show DualGuard can achieve 98% accuracy on detecting modulated replay attacks.

Cryptography and Security

Mingrui He,Longting Xu,Han Wang,Mingjun Zhang,Rohan Kumar Das

2024-04-26

Abstract:The most common spoofing attacks on automatic speaker verification systems are replay speech attacks. Detection of replay speech heavily relies on replay configuration information. Previous studies have shown that graph Fourier transform-derived features can effectively detect replay speech but ignore device and environmental noise effects. In this work, we propose a new feature, the graph frequency device cepstral coefficient, derived from the graph frequency domain using a device-related linear transformation. We also introduce two novel representations: graph frequency logarithmic coefficient and graph frequency logarithmic device coefficient. We evaluate our methods using traditional Gaussian mixture model and light convolutional neural network systems as classifiers. On the ASVspoof 2017 V2, ASVspoof 2019 physical access, and ASVspoof 2021 physical access datasets, our proposed features outperform known front-ends, demonstrating their effectiveness for replay speech detection.

Sound,Audio and Speech Processing

Xuechen Liu,Md Sahidullah,Kong Aik Lee,Tomi Kinnunen

2023-06-08

Abstract:We address speaker-aware anti-spoofing, where prior knowledge of the target speaker is incorporated into a voice spoofing countermeasure (CM). In contrast to the frequently used speaker-independent solutions, we train the CM in a speaker-conditioned way. As a proof of concept, we consider speaker-aware extension to the state-of-the-art AASIST (audio anti-spoofing using integrated spectro-temporal graph attention networks) model. To this end, we consider two alternative strategies to incorporate target speaker information at the frame and utterance levels, respectively. The experimental results on a custom protocol based on ASVspoof 2019 dataset indicates the efficiency of the speaker information via enrollment: we obtain maximum relative improvements of 25.1% and 11.6% in equal error rate (EER) and minimum tandem detection cost function (t-DCF) over a speaker-independent baseline, respectively.

Sound,Cryptography and Security,Audio and Speech Processing

Dipjyoti Paul,Md Sahidullah,Goutam Saha

DOI: https://doi.org/10.48550/arXiv.1901.08025

2019-01-23

Multimedia

Abstract:Voice-based biometric systems are highly prone to spoofing attacks. Recently, various countermeasures have been developed for detecting different kinds of attacks such as replay, speech synthesis (SS) and voice conversion (VC). Most of the existing studies are conducted with a specific training set defined by the evaluation protocol. However, for realistic scenarios, selecting appropriate training data is an open challenge for the system administrator. Motivated by this practical concern, this work investigates the generalization capability of spoofing countermeasures in restricted training conditions where speech from a broad attack types are left out in the training database. We demonstrate that different spoofing types have considerably different generalization capabilities. For this study, we analyze the performance using two kinds of features, mel-frequency cepstral coefficients (MFCCs) which are considered as baseline and recently proposed constant Q cepstral coefficients (CQCCs). The experiments are conducted with standard Gaussian mixture model - maximum likelihood (GMM-ML) classifier on two recently released spoofing corpora: ASVspoof 2015 and BTAS 2016 that includes cross-corpora performance analysis. Feature-level analysis suggests that static and dynamic coefficients of spectral features, both are important for detecting spoofing attacks in the real-life condition.

Zhenchun Lei,Hui Yan,Changhong Liu,Minglei Ma,Yingen Yang

DOI: https://doi.org/10.1109/ICASSP43922.2022.9746163

2024-07-08

Abstract:The automatic speaker verification system is sometimes vulnerable to various spoofing attacks. The 2-class Gaussian Mixture Model classifier for genuine and spoofed speech is usually used as the baseline for spoofing detection. However, the GMM classifier does not separately consider the scores of feature frames on each Gaussian component. In addition, the GMM accumulates the scores on all frames independently, and does not consider their correlations. We propose the two-path GMM-ResNet and GMM-SENet models for spoofing detection, whose input is the Gaussian probability features based on two GMMs trained on genuine and spoofed speech respectively. The models consider not only the score distribution on GMM components, but also the relationship between adjacent frames. A two-step training scheme is applied to improve the system robustness. Experiments on the ASVspoof 2019 show that the LFCC+GMM-ResNet system can relatively reduce min-tDCF and EER by 76.1% and 76.3% on logical access scenario compared with the GMM, and the LFCC+GMM-SENet system by 94.4% and 95.4% on physical access scenario. After score fusion, the systems give the second-best results on both scenarios.

Sound,Audio and Speech Processing

Jincheng Zhou,Tao Hai,Dayang N. A. Jawawi,Dan Wang,Ebuka Ibeke,Cresantus Biamba

DOI: https://doi.org/10.1186/s13677-022-00306-5

2022-01-01

Journal of Cloud Computing

Abstract:In our everyday lives, we communicate with each other using several means and channels of communication, as communication is crucial in the lives of humans. Listening and speaking are the primary forms of communication. For listening and speaking, the human voice is indispensable. Voice communication is the simplest type of communication. The Automatic Speaker Verification (ASV) system verifies users with their voices. These systems are susceptible to voice spoofing attacks - logical and physical access attacks. Recently, there has been a notable development in the detection of these attacks. Attackers use enhanced gadgets to record users’ voices, replay them for the ASV system, and be granted access for harmful purposes. In this work, we propose a secure voice spoofing countermeasure to detect voice replay attacks. We enhanced the ASV system security by building a spoofing countermeasure dependent on the decomposed signals that consist of prominent information. We used two main features— the Gammatone Cepstral Coefficients and Mel-Frequency Cepstral Coefficients— for the audio representation. For the classification of the features, we used Bi-directional Long-Short Term Memory Network in the cloud, a deep learning classifier. We investigated numerous audio features and examined each feature’s capability to obtain the most vital details from the audio for it to be labelled genuine or a spoof speech. Furthermore, we use various machine learning algorithms to illustrate the superiority of our system compared to the traditional classifiers. The results of the experiments were classified according to the parameters of accuracy, precision rate, recall, F1-score, and Equal Error Rate (EER). The results were 97%, 100%, 90.19% and 94.84%, and 2.95%, respectively.

Amol Chaudhari,Dnyandeo Shedge,Vinayak Bairagi,Aziz Nanthaamornphong

DOI: https://doi.org/10.3390/sym16070788

2024-06-23

Symmetry

Abstract:The automatic speaker verification system is susceptible to replay attacks. Recent literature has focused on score-level integration of multiple features, phase information-based features, high frequency-based features, and glottal excitation for the detection of replay attacks. This work presents glottal excitation-based all-pole group delay function (GAPGDF) features for replay attack detection. The essence of a group delay function based on the all-pole model is to exploit information from the speech signal phase spectrum in an effective manner. Further, the performance of integrated high-frequency-based CQCC features with cepstral features, subband spectral centroid-based features (SCFC and SCMC), APGDF, and LPC-based features is evaluated on the ASVspoof 2017 version 2.0 database. On the development set, an EER of 3.08% is achieved, and on the evaluation set, an EER of 9.86% is achieved. The proposed GAPGDF features provide an EER of 10.5% on the evaluation set. Finally, integrated GAPGDF and GCQCC features provide an EER of 8.80% on the evaluation set. The computation time required for the ASV systems based on various integrated features is compared to ensure symmetry between the integrated features and the classifier.

multidisciplinary sciences

Bhusan Chettri,Tomi Kinnunen,Emmanouil Benetos

DOI: https://doi.org/10.1016/j.csl.2020.101092

2020-09-01

Abstract:<p><em>Automatic speaker verification</em> (ASV) systems are highly vulnerable to presentation attacks, also called spoofing attacks. <em>Replay</em> is among the simplest attacks to mount — yet difficult to detect reliably. The generalization failure of spoofing countermeasures (CMs) has driven the community to study various alternative deep learning CMs. The majority of them are <em>supervised</em> approaches that learn a human-spoof discriminator. In this paper, we advocate a different, <em>deep generative</em> approach that leverages from powerful <em>unsupervised</em> manifold learning in classification. The potential benefits include the possibility to sample new data, and to obtain insights to the latent features of genuine and spoofed speech. To this end, we propose to use <em>variational autoencoders</em> (VAEs) as an alternative backend for replay attack detection, via three alternative models that differ in their class-conditioning. The first one, similar to the use of Gaussian mixture models (GMMs) in spoof detection, is to train independently two VAEs — one for each class. The second one is to train a single conditional model (C-VAE) by injecting a one-hot class label vector to the encoder and decoder networks. Our final proposal integrates an <em>auxiliary classifier</em> to guide the learning of the latent space. Our experimental results using constant-Q cepstral coefficient (CQCC) features on the ASVspoof 2017 and 2019 physical access subtask datasets indicate that the C-VAE offers substantial improvement in comparison to training two separate VAEs for each class. On the 2019 dataset, the C-VAE outperforms the VAE and the baseline GMM by an absolute 9 - 10% in both equal error rate (EER) and tandem detection cost function (t-DCF) metrics. Finally, we propose VAE residuals — the absolute difference of the original input and the reconstruction as features for spoofing detection. The proposed frontend approach augmented with a convolutional neural network classifier demonstrated substantial improvement over the VAE backend use case.</p>

computer science, artificial intelligence