Abstract
Solutions for defending against deepfake speech fall into two categories: proactive watermarking models and passive conventional deepfake detectors. While both address common threats, their differences in training, optimization, and evaluation prevent a unified protocol for joint evaluation and selecting the best solutions for different cases. This work proposes a framework to evaluate both model types in deepfake speech detection. To ensure fair comparison and minimize discrepancies, all models were trained and tested on common datasets, with performance evaluated using a shared metric. We also analyze their robustness against various adversarial attacks, showing that different models exhibit distinct vulnerabilities to different speech attribute distortions. Our training and evaluation code is available at Github.
Abstract (translated)
针对深度伪造语音的防御解决方案可以分为两类:主动水印模型和被动的传统深度伪造检测器。虽然这两类方法都能应对常见的威胁,但由于它们在训练、优化和评估方面的差异,无法实现统一的联合评价协议以选择最适合不同情况的最佳方案。这项工作提出了一种框架来评估这两种类型模型在深度伪造语音识别中的表现。 为了确保公平比较并最小化差异,在使用公共数据集对所有模型进行训练和测试时,我们采用了共享的性能评估指标。此外,我们还分析了这些模型面对各种对抗性攻击时的鲁棒性,并发现不同的模型在不同语音属性扭曲下的脆弱性有所不同。我们的训练和评估代码可在Github上获取。
URL
https://arxiv.org/abs/2506.14398
