Evasion attacks pose significant threats to AI systems, exploiting vulnerabilities in machine learning models to bypass detection mechanisms. The widespread use of voice data, including deepfakes, in promising future industries is currently hindered by insufficient legal frameworks. Adversarial attack methods have emerged as the most effective countermeasure against the indiscriminate use of such data. This research introduces masked energy perturbation (MEP), a novel approach that uses the power spectrum for energy masking of the original voice data. MEP applies masking to small energy regions in the frequency domain before generating adversarial perturbations, targeting areas less noticeable to the human auditory model. The study primarily employs advanced speaker recognition models, including ECAPA-TDNN and ResNet34, which have shown remarkable performance in speaker verification tasks. The proposed MEP method demonstrated strong performance in both audio quality and evasion effectiveness. The energy masking approach effectively minimizes the degradation in perceptual evaluation of speech quality (PESQ), indicating that minimal perceptual distortion occurs to the human listener despite the adversarial perturbations. Specifically, in the PESQ evaluation, the relative performance of the MEP method was 26.68% when compared to the fast gradient sign method (FGSM) and iterative FGSM.