ISCA Archive Interspeech 2021
ISCA Archive Interspeech 2021

Voting for the Right Answer: Adversarial Defense for Speaker Verification

Haibin Wu, Yang Zhang, Zhiyong Wu, Dong Wang, Hung-yi Lee

Automatic speaker verification (ASV) is a well developed technology for biometric identification, and has been ubiquitous implemented in security-critic applications, such as banking and access control. However, previous works have shown that ASV is under the radar of adversarial attacks, which are very similar to their original counterparts from human’s perception, yet will manipulate the ASV render wrong prediction. Due to the very late emergence of adversarial attacks for ASV, effective countermeasures against them are limited. Given that the security of ASV is of high priority, in this work, we propose the idea of “voting for the right answer” to prevent risky decisions of ASV in blind spot areas, by employing random sampling and voting. Experimental results show that our proposed method improves the robustness against both the limited-knowledge attackers by pulling the adversarial samples out of the blind spots, and the sufficient-knowledge attackers by introducing randomness and increasing the attackers’ budgets.

doi: 10.21437/Interspeech.2021-1452

Cite as: Wu, H., Zhang, Y., Wu, Z., Wang, D., Lee, H.-y. (2021) Voting for the Right Answer: Adversarial Defense for Speaker Verification. Proc. Interspeech 2021, 4294-4298, doi: 10.21437/Interspeech.2021-1452

  author={Haibin Wu and Yang Zhang and Zhiyong Wu and Dong Wang and Hung-yi Lee},
  title={{Voting for the Right Answer: Adversarial Defense for Speaker Verification}},
  booktitle={Proc. Interspeech 2021},