Introduction to Voice Presentation Attack Detection and Recent Advances

Sahidullah, Md; Delgado, Héctor; Todisco, Massimiliano; Kinnunen, Tomi; Evans, Nicholas; Yamagishi, Junichi; Lee, Kong Aik

doi:10.1007/978-3-319-92627-8_15

Cited by 60 publications

(49 citation statements)

References 183 publications

(218 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Traditional methods. Since the release of benchmark anti-spoofing datasets [63,64,65] and evaluation protocols as part of the ongoing ASVspoof challenge series 4 , there has been considerable research on presentation attack detection [2], in particular for TTS, VC, and replay attacks. Many anti-spoofing features coupled with a GMM backend have been studied and proposed in the literature.…”

Section: Related Workmentioning

confidence: 99%

“…They have been adapted as baseline features in the recent ASVspoof 2017 and ASVspoof 2019 challenges. Further tweaks on CQCCs have been studied in [67] showing 2 We use naive VAE to refer the standard (vanilla) VAE [21] trained without any class labels. Information about the class is included by independently training one VAE per class.…”

Section: Related Workmentioning

confidence: 99%

“…The first, naive approach, is to train VAEs similarly as GMMs [68,72,66]independently of each other, using the respective training sets X bona = {x n |y n = 1} and X spoof = {x n |y n = 0}. VAEs are trained to optimize the loss function described in (2). This yields two VAEs, Λ bona and Λ spoof .…”

Section: Conditioning Vaes By Class Labelmentioning

confidence: 99%

“…This yields two VAEs, Λ bona and Λ spoof . At the test time, the two VAEs are independently scored using (2), and combined by subtracting the spoof score from the bona fide score. The higher the score, the higher the confidence that the test utterance originates from the bonafide class.…”

Section: Conditioning Vaes By Class Labelmentioning

confidence: 99%

“…Voice biometric systems use automatic speaker verification (ASV) [1] technologies for user authentication. Even if it is among the most convenient means of biometric authentication, the robustness and security of ASV in the face of spoofing attacks (or presentation attacks) is of growing concern, and is now well acknowledged by the community [2]. A spoofing attack involves illegitimate access to personal data of a targeted user.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Deep generative variational autoencoding for replay spoof detection in automatic speaker verification

Chettri

Kinnunen

Benetos

2020

Computer Speech & Language

Self Cite

View full text Add to dashboard Cite

Automatic speaker verification (ASV) systems are highly vulnerable to presentation attacks, also called spoofing attacks. Replay is among the simplest attacks to mount -yet difficult to detect reliably. The generalization failure of spoofing countermeasures (CMs) has driven the community to study various alternative deep learning CMs. The majority of them are supervised approaches that learn a human-spoof discriminator. In this paper, we advocate a different, deep generative approach that leverages from powerful unsupervised manifold learning in classification. The potential benefits include the possibility to sample new data, and to obtain insights to the latent features of genuine and spoofed speech. To this end, we propose to use variational autoencoders (VAEs) as an alternative backend for replay attack detection, via three alternative models that differ in their class-conditioning. The first one, similar to the use of Gaussian mixture models (GMMs) in spoof detection, is to train independently two VAEs -one for each class. The second one is to train a single conditional model (C-VAE) by injecting a one-hot class label vector to the encoder and decoder networks. Our final proposal integrates an auxiliary classifier to guide the learning of the latent space. Our experimental results using constant-Q cepstral coefficient (CQCC) features on the ASVspoof 2017 and 2019 physical access subtask datasets indicate that the C-VAE offers substantial improvement in comparison to training two separate VAEs for each class. On the 2019 dataset, the C-VAE outperforms the VAE and the baseline GMM by an absolute 9 -10% in both equal error rate (EER) and tandem detection cost function (t-DCF) metrics. Finally, we propose VAE residuals -the absolute difference of the original input and the reconstruction as features for spoofing detection. The proposed frontend approach augmented with a convolutional neural network classifier demonstrated substantial improvement over the VAE backend use case.

show abstract