Audio DeepFakes (DF) are artificially generated utterances created using deep learning, with the primary aim of fooling listeners in a highly convincing manner. Their quality is sufficient to pose a severe threat to security and privacy, for example by undermining the reliability of news or enabling defamation. Multiple neural network-based methods for detecting generated speech have been proposed to counter these threats. In this work, we cover the topic of adversarial attacks, which decrease the performance of detectors by adding superficial changes (difficult for a human to spot) to the input data. Our contribution consists of evaluating the robustness of 3 detection architectures against adversarial attacks in two scenarios (white-box and using transferability) and then enhancing that robustness through adversarial training performed with our novel adaptive training method. Moreover, one of the investigated architectures is RawNet3, which, to the best of our knowledge, we adapted for the first time to DeepFake detection.