The increasing prevalence of audio deepfakes poses significant security threats, necessitating robust detection methods. While existing detection systems exhibit promise, their robustness against malicious audio manipulations remains underexplored. To bridge the gap, we undertake the first comprehensive study of the susceptibility of the most widely adopted audio deepfake detectors to manipulation attacks. Surprisingly, even manipulations like volume control can significantly bypass detection without affecting human perception. To address this, we propose CLAD (Contrastive Learning-based Audio deepfake Detector) to enhance the robustness against manipulation attacks. The key idea is to incorporate contrastive learning to minimize the variations introduced by manipulations, therefore enhancing detection robustness. Additionally, we incorporate a length loss, aiming to improve the detection accuracy by clustering real audios more closely in the feature space. We comprehensively evaluated the most widely adopted audio deepfake detection models and our proposed CLAD against various manipulation attacks. The detection models exhibited vulnerabilities, with FAR rising to 36.69%, 31.23%, and 51.28% under volume control, fading, and noise injection, respectively. CLAD enhanced robustness, reducing the FAR to 0.81% under noise injection and consistently maintaining an FAR below 1.63% across all tests. Our source code and documentation are available in the artifact repository (https://github.com/CLAD23/CLAD).

翻译：音频深度伪造的日益普及带来了严重的安全威胁，亟需鲁棒的检测方法。尽管现有检测系统展现出一定潜力，但其对恶意音频操作的鲁棒性尚未得到充分研究。为填补这一空白，我们首次系统研究了最广泛采用的音频深度伪造检测器对操作攻击的敏感性。令人惊讶的是，即使如音量控制等操作也能在不影响人类感知的情况下显著绕过检测。为此，我们提出CLAD（基于对比学习的音频深度伪造检测器）以增强对操作攻击的鲁棒性。其核心思路是引入对比学习来最小化操作引入的变异，从而提升检测鲁棒性。此外，我们引入了长度损失，旨在通过使真实音频在特征空间中更紧密地聚类来提高检测准确性。我们全面评估了最广泛采用的音频深度伪造检测模型及所提CLAD在各类操作攻击下的表现。检测模型存在脆弱性，在音量控制、渐弱和噪声注入下错误接受率分别上升至36.69%、31.23%和51.28%。CLAD增强了鲁棒性，将噪声注入下的错误接受率降低至0.81%，并在所有测试中持续保持错误接受率低于1.63%。我们的源代码及文档已存放于制品仓库（https://github.com/CLAD23/CLAD）。