We present Malafide, a universal adversarial attack against automatic speaker verification (ASV) spoofing countermeasures (CMs). By introducing convolutional noise using an optimised linear time-invariant filter, Malafide attacks can be used to compromise CM reliability while preserving other speech attributes such as quality and the speaker's voice. In contrast to other adversarial attacks proposed recently, Malafide filters are optimised independently of the input utterance and duration, are tuned instead to the underlying spoofing attack, and require the optimisation of only a small number of filter coefficients. Even so, they degrade CM performance estimates by an order of magnitude, even in black-box settings, and can also be configured to overcome integrated CM and ASV subsystems. Integrated solutions that use self-supervised learning CMs, however, are more robust, under both black-box and white-box settings.