Audio-deepfake detection: Adversarial attacks and countermeasures
<p>Audio has always been a powerful resource for biometric authentication: thus, numerous AI-based audio authentication systems (classifiers) have been proposed. While these classifiers are effective in identifying legitimate human-generated input their security, to the best of our knowledge,...
محفوظ في:
| المؤلف الرئيسي: | |
|---|---|
| مؤلفون آخرون: | , |
| منشور في: |
2024
|
| الموضوعات: | |
| الوسوم: |
إضافة وسم
لا توجد وسوم, كن أول من يضع وسما على هذه التسجيلة!
|
| _version_ | 1864513516016238592 |
|---|---|
| author | Mouna Rabhi (17086969) |
| author2 | Spiridon Bakiras (16896408) Roberto Di Pietro (16864155) |
| author2_role | author author |
| author_facet | Mouna Rabhi (17086969) Spiridon Bakiras (16896408) Roberto Di Pietro (16864155) |
| author_role | author |
| dc.creator.none.fl_str_mv | Mouna Rabhi (17086969) Spiridon Bakiras (16896408) Roberto Di Pietro (16864155) |
| dc.date.none.fl_str_mv | 2024-09-15T03:00:00Z |
| dc.identifier.none.fl_str_mv | 10.1016/j.eswa.2024.123941 |
| dc.relation.none.fl_str_mv | https://figshare.com/articles/journal_contribution/Audio-deepfake_detection_Adversarial_attacks_and_countermeasures/25827097 |
| dc.rights.none.fl_str_mv | CC BY 4.0 info:eu-repo/semantics/openAccess |
| dc.subject.none.fl_str_mv | Information and computing sciences Artificial intelligence Cybersecurity and privacy Authentication Adversarial attacks Audio deepfake Fake voice detection GAN Biometrics Security |
| dc.title.none.fl_str_mv | Audio-deepfake detection: Adversarial attacks and countermeasures |
| dc.type.none.fl_str_mv | Text Journal contribution info:eu-repo/semantics/publishedVersion text contribution to journal |
| description | <p>Audio has always been a powerful resource for biometric authentication: thus, numerous AI-based audio authentication systems (classifiers) have been proposed. While these classifiers are effective in identifying legitimate human-generated input their security, to the best of our knowledge, has not been explored thoroughly when confronted with advanced attacks that leverage AI-generated deepfake audio. This issue presents a serious concern regarding the security of these classifiers because, e.g., samples generated using adversarial attacks might fool such classifiers, resulting in incorrect classification. In this study, we prove the point: we demonstrate that state-of-the-art audio deepfake classifiers are vulnerable to adversarial attacks. In particular, we design two adversarial attacks on a state-of-the-art audio-deepfake classifier, i.e., the Deep4SNet classification model, which achieves 98.5% accuracy in detecting fake audio samples. The designed adversarial attacks 1 1 The code of the attacks will be released open-source in the camera ready. leverage a generative adversarial network architecture and reduce the detector’s accuracy to nearly 0%. In particular, under graybox attack scenarios, we demonstrate that when starting from random noise, we can reduce the accuracy of the state-of-the-art detector from 98.5% to only 0.08%. To mitigate the effect of adversarial attacks on audio-deepfake detectors, we propose a highly generalizable, lightweight, simple, and effective add-on defense mechanism that can be implemented in any audio-deepfake detector. Finally, we discuss promising research directions.</p><h2>Other Information</h2> <p> Published in: Expert Systems with Applications<br> License: <a href="http://creativecommons.org/licenses/by/4.0/" target="_blank">http://creativecommons.org/licenses/by/4.0/</a><br>See article on publisher's website: <a href="https://dx.doi.org/10.1016/j.eswa.2024.123941" target="_blank">https://dx.doi.org/10.1016/j.eswa.2024.123941</a></p> |
| eu_rights_str_mv | openAccess |
| id | Manara2_134d8e61a1bd07f48f44a9756a52e866 |
| identifier_str_mv | 10.1016/j.eswa.2024.123941 |
| network_acronym_str | Manara2 |
| network_name_str | Manara2 |
| oai_identifier_str | oai:figshare.com:article/25827097 |
| publishDate | 2024 |
| repository.mail.fl_str_mv | |
| repository.name.fl_str_mv | |
| repository_id_str | |
| rights_invalid_str_mv | CC BY 4.0 |
| spelling | Audio-deepfake detection: Adversarial attacks and countermeasuresMouna Rabhi (17086969)Spiridon Bakiras (16896408)Roberto Di Pietro (16864155)Information and computing sciencesArtificial intelligenceCybersecurity and privacyAuthenticationAdversarial attacksAudio deepfakeFake voice detectionGANBiometricsSecurity<p>Audio has always been a powerful resource for biometric authentication: thus, numerous AI-based audio authentication systems (classifiers) have been proposed. While these classifiers are effective in identifying legitimate human-generated input their security, to the best of our knowledge, has not been explored thoroughly when confronted with advanced attacks that leverage AI-generated deepfake audio. This issue presents a serious concern regarding the security of these classifiers because, e.g., samples generated using adversarial attacks might fool such classifiers, resulting in incorrect classification. In this study, we prove the point: we demonstrate that state-of-the-art audio deepfake classifiers are vulnerable to adversarial attacks. In particular, we design two adversarial attacks on a state-of-the-art audio-deepfake classifier, i.e., the Deep4SNet classification model, which achieves 98.5% accuracy in detecting fake audio samples. The designed adversarial attacks 1 1 The code of the attacks will be released open-source in the camera ready. leverage a generative adversarial network architecture and reduce the detector’s accuracy to nearly 0%. In particular, under graybox attack scenarios, we demonstrate that when starting from random noise, we can reduce the accuracy of the state-of-the-art detector from 98.5% to only 0.08%. To mitigate the effect of adversarial attacks on audio-deepfake detectors, we propose a highly generalizable, lightweight, simple, and effective add-on defense mechanism that can be implemented in any audio-deepfake detector. Finally, we discuss promising research directions.</p><h2>Other Information</h2> <p> Published in: Expert Systems with Applications<br> License: <a href="http://creativecommons.org/licenses/by/4.0/" target="_blank">http://creativecommons.org/licenses/by/4.0/</a><br>See article on publisher's website: <a href="https://dx.doi.org/10.1016/j.eswa.2024.123941" target="_blank">https://dx.doi.org/10.1016/j.eswa.2024.123941</a></p>2024-09-15T03:00:00ZTextJournal contributioninfo:eu-repo/semantics/publishedVersiontextcontribution to journal10.1016/j.eswa.2024.123941https://figshare.com/articles/journal_contribution/Audio-deepfake_detection_Adversarial_attacks_and_countermeasures/25827097CC BY 4.0info:eu-repo/semantics/openAccessoai:figshare.com:article/258270972024-09-15T03:00:00Z |
| spellingShingle | Audio-deepfake detection: Adversarial attacks and countermeasures Mouna Rabhi (17086969) Information and computing sciences Artificial intelligence Cybersecurity and privacy Authentication Adversarial attacks Audio deepfake Fake voice detection GAN Biometrics Security |
| status_str | publishedVersion |
| title | Audio-deepfake detection: Adversarial attacks and countermeasures |
| title_full | Audio-deepfake detection: Adversarial attacks and countermeasures |
| title_fullStr | Audio-deepfake detection: Adversarial attacks and countermeasures |
| title_full_unstemmed | Audio-deepfake detection: Adversarial attacks and countermeasures |
| title_short | Audio-deepfake detection: Adversarial attacks and countermeasures |
| title_sort | Audio-deepfake detection: Adversarial attacks and countermeasures |
| topic | Information and computing sciences Artificial intelligence Cybersecurity and privacy Authentication Adversarial attacks Audio deepfake Fake voice detection GAN Biometrics Security |