a security evaluation platform for speaker recognition



This is the official webpage for the paper "Towards Understanding and Mitigating Audio Adversarial Examples for Speaker Recognition".

In this paper, we systematically investigate transformation and adversarial training based defenses for speaker recognition systems (SRSs) and thoroughly evaluate their effectiveness using both non-adaptive and adaptive attacks under the same settings.

In summary, we make the following main contributions:

Empirical Study Result

Transformation against Non-adaptive Attacks

Transformation against Adaptive Attacks

Transformation+Adversarial-Training against Adaptive Attacks

Audio Files

We provide our audio files for perceptibility measurement and other purposes.

For adversarial audios, after unzipping, the directory A-B/X/X-Y/Z means the audios are crafted by the attack X with the attack parameter Y against the defense A with the defense parameter B on the speaker Z. For example, FeCo-ok-kmeans-raw-0_2-L2/FGSM/FGSM-0_002-50/1998 means the audios are crafted by FGSM attack with $\varepsilon=0.002$ and EOT_size $r=50$ against the defense FeCo with the defense parameter $cl_m=kmeans$ and $cl_r=0.2$ on the speaker 1998.
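A parser for the directory convention described above, as an added example (not part of SpeakerGuard or the paper's code), useful for grouping the unzipped audios by defense, attack and speaker. It assumes the defense name A contains no hyphen and that an underscore inside a numeric token stands for a decimal point, as the FGSM example suggests; `parse_adv_dir` and `AdvAudioDir` are hypothetical names.

```python
from pathlib import PurePosixPath
from typing import NamedTuple


class AdvAudioDir(NamedTuple):
    defense: str           # A
    defense_param: tuple   # B, split on "-" and decoded
    attack: str            # X
    attack_param: tuple    # Y, split on "-" and decoded
    speaker: str           # Z


def _decode(token: str):
    """'0_002' -> 0.002, '50' -> 50; non-numeric tokens are returned unchanged."""
    if not token[:1].isdigit():
        return token
    candidate = token.replace("_", ".")  # assumption: "_" stands for "."
    for cast in (int, float):
        try:
            return cast(candidate)
        except ValueError:
            continue
    return token


def parse_adv_dir(path: str) -> AdvAudioDir:
    """Parse the last four components of an A-B/X/X-Y/Z directory path."""
    parts = PurePosixPath(path).parts
    if len(parts) < 4:
        raise ValueError(f"expected A-B/X/X-Y/Z, got {path!r}")
    defense_dir, attack, attack_dir, speaker = parts[-4:]
    # Assumption: the defense name A is the text before the first "-".
    defense, sep, b = defense_dir.partition("-")
    if not sep or not b:
        raise ValueError(f"no defense parameter in {defense_dir!r}")
    # X is known from the parent directory, so Y is whatever follows "X-".
    prefix = attack + "-"
    if not attack_dir.startswith(prefix) or attack_dir == prefix:
        raise ValueError(f"{attack_dir!r} does not match attack {attack!r}")
    y = attack_dir[len(prefix):]
    return AdvAudioDir(defense, tuple(map(_decode, b.split("-"))), attack,
                       tuple(map(_decode, y.split("-"))), speaker)


if __name__ == "__main__":
    # The example path given on this page.
    print(parse_adv_dir("FeCo-ok-kmeans-raw-0_2-L2/FGSM/FGSM-0_002-50/1998"))
```

A directory whose X-Y component does not start with its parent attack name X is rejected with ValueError rather than silently mislabelled.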

Platform: SpeakerGuard

To perform the above empirical study, we establish a security evaluation platform for speaker recognition.

Want to reproduce our experimental results, do something new with our platform, or even extend SpeakerGuard? Go to Code for SpeakerGuard for detailed instructions.