D-CAPTCHA++: A Study of Resilience of Deepfake CAPTCHA under Transferable Imperceptible Adversarial Attack

arXiv - EE - Audio and Speech Processing Pub Date : 2024-09-11 DOI:arxiv-2409.07390

Hong-Hanh Nguyen-Le, Van-Tuan Tran, Dinh-Thuc Nguyen, Nhien-An Le-Khac

{"title":"D-CAPTCHA++: A Study of Resilience of Deepfake CAPTCHA under Transferable Imperceptible Adversarial Attack","authors":"Hong-Hanh Nguyen-Le, Van-Tuan Tran, Dinh-Thuc Nguyen, Nhien-An Le-Khac","doi":"arxiv-2409.07390","DOIUrl":null,"url":null,"abstract":"The advancements in generative AI have enabled the improvement of audio\nsynthesis models, including text-to-speech and voice conversion. This raises\nconcerns about its potential misuse in social manipulation and political\ninterference, as synthetic speech has become indistinguishable from natural\nhuman speech. Several speech-generation programs are utilized for malicious\npurposes, especially impersonating individuals through phone calls. Therefore,\ndetecting fake audio is crucial to maintain social security and safeguard the\nintegrity of information. Recent research has proposed a D-CAPTCHA system based\non the challenge-response protocol to differentiate fake phone calls from real\nones. In this work, we study the resilience of this system and introduce a more\nrobust version, D-CAPTCHA++, to defend against fake calls. Specifically, we\nfirst expose the vulnerability of the D-CAPTCHA system under transferable\nimperceptible adversarial attack. Secondly, we mitigate such vulnerability by\nimproving the robustness of the system by using adversarial training in\nD-CAPTCHA deepfake detectors and task classifiers.","PeriodicalId":501284,"journal":{"name":"arXiv - EE - Audio and Speech Processing","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - EE - Audio and Speech Processing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.07390","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

The advancements in generative AI have enabled the improvement of audio synthesis models, including text-to-speech and voice conversion. This raises concerns about its potential misuse in social manipulation and political interference, as synthetic speech has become indistinguishable from natural human speech. Several speech-generation programs are utilized for malicious purposes, especially impersonating individuals through phone calls. Therefore, detecting fake audio is crucial to maintain social security and safeguard the integrity of information. Recent research has proposed a D-CAPTCHA system based on the challenge-response protocol to differentiate fake phone calls from real ones. In this work, we study the resilience of this system and introduce a more robust version, D-CAPTCHA++, to defend against fake calls. Specifically, we first expose the vulnerability of the D-CAPTCHA system under transferable imperceptible adversarial attack. Secondly, we mitigate such vulnerability by improving the robustness of the system by using adversarial training in D-CAPTCHA deepfake detectors and task classifiers.

查看原文本刊更多论文

D-CAPTCHA++：Deepfake 验证码在可转移不可感知对抗性攻击下的复原力研究

人工智能生成技术的进步使声音合成模型得以改进，包括文本到语音和语音转换。这引发了人们对其可能被滥用于社会操纵和政治干预的担忧，因为合成语音已经无法与自然人的语音相区分。一些语音生成程序被用于恶意目的，特别是通过电话冒充个人。因此，检测虚假音频对于维护社会安全和信息完整性至关重要。最近的研究提出了一种基于挑战-响应协议的 D-CAPTCHA 系统，用于区分虚假电话和真实电话。在这项工作中，我们研究了该系统的弹性，并推出了一个更稳健的版本--D-CAPTCHA++，以抵御虚假电话。具体来说，我们首先揭示了 D-CAPTCHA 系统在可转移、可感知的对抗性攻击下的脆弱性。其次，我们通过在 D-CAPTCHA 深度假冒检测器和任务分类器中使用对抗训练来提高系统的鲁棒性，从而缓解这种脆弱性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

arXiv - EE - Audio and Speech Processing

自引率

0.00%

发文量