Robust Speaker Verification System Against Adversarial Attacks Using ResNet and Source Separation in Noisy Conditions
摘要
Speaker recognition systems (SRS) have become a central component of modern biometric systems, enabling non-intrusive user identification and authentication. However, despite their importance, these systems remain highly vulnerable to various forms of malicious attacks. These include replay attacks, speech synthesis, and, more recently, adversarial attacks, which subtly manipulate audio signals to deceive recognition models without being detected by the human ear. In this paper, we propose an innovative approach to strengthen SRS security. First, we introduce a ResNet-based attack model designed to generate targeted adversarial disruptions to speech recognition systems. Second, we develop a defense method based on audio source separation, allowing for the filtering and attenuation of disruptions before they are processed by the recognition system. To validate our approach, we conducted experiments on the Librispeech dataset, simulating different noise levels from the NOISEX-92 database to reproduce realistic acoustic conditions. The experimental results show that the proposed defense method significantly increases the robustness and scurity of SRS against three types of attacks FGSM, PGD and BIM.