Spoofing attacks imitate a person’s identity in order to gain illegitimate access to sensitive or protected resources. Nowadays, significant advancement in speech technology related to SS and VC techniques poses threat to speech-based biometric systems like automatic speaker verification (ASV) systems . Replay attacks are another form of spoofing attack, where an adversary tries to attack a system using pre-recorded speech accumulated from target speakers . Due to the availability of high-quality, low-cost recording and playback devices, replay attacks are also a serious threat to the voice biometric systems. Several replay spoofing detection approaches such as fixed pass-phrase method, spectral ratio and modulation index were proposed in [3, 4, 5]. A study on cross database evaluation was demonstrated in .
To detect SS and VC attacks, diverse range of feature extraction methods such asmel-frequency cepstral coefficients (MFCCs) cepstral feature , phase features [8, 9, 10], a combination of both amplitude and phase feature , prosodic features  were reported. A concise experimental review of spoofing detection was presented in . While, MFCCs are considered as the standard feature extraction techniques in speech processing, constant Q transform cepstral coefficients (CQCCs) have shown best detection performance, especially for unknown attacks in ASVspoof 2015 corpus . However, it was not implemented for replay attack detection.
Techniques to generate voice converted speech and synthetic speech, made a rapid progress in recent times. Notable among them are joint density-Gaussian mixture model (JD-GMM) , line spectrum pairs (LSP) , MARY text-to-speech synthesis (MARY-TTS) , hidden Markov model (HMM) based TTS  etc. It is not practically possible to anticipate the kind of SS and VC attack all the time to include those types of speeches in the training database. At the same time, it is expected that detection performance will degrade if similar kinds of data are unavailable in the training corpus. The previous studies on spoofing detection do not focus on attack dependency which is the central theme of this work. There are some results generated in recent spoofing challenges with unknown attack types but no exhaustive study is done that can lead to generalization ability of certain training schemes over other for a range of unknown attacks.
In this work, we did a systematic study of attack dependency to discover corresponding generalization ability. We demonstrate the result using conventional MFCCs and newly proposed CQCCs features on GMM-maximum likelihood (GMM-ML) framework. It is found that GMM-ML as a classifier is better suited for spoofing detection task . We have experimented on two recent databases: ASVspoof 2015, developed as a part of Automatic Speaker Verification Spoofing and Countermeasure Challenge  and BTAS 2016 corpus in Speaker Anti-spoofing Competition . BTAS 2016 introduces more realistic replay attacks compared to ASVspoof database. Our study shows the generalization ability of one countermeasure over the other.
2 Generalization Framework
Figure 1 illustrates the spectral characteristics of spoofed signals for diverse attacks. Generalized countermeasure refers to the ability to overcome the attack dependency in the detection process. This dependency signifies the types of attacks that are best represented by a similar pattern in the attack space. It involves a prior knowledge of attack type, which is not a realistic assumption in all the cases. Therefore, the countermeasure system needs to be robust enough to detect an attack even though that type of attack data is not used for training the model. Fig. 2 describes the functional block diagram of a generalized countermeasure framework where we find which kind of training has greater generalization ability.
Initially, we train the models using all types of replay (i.e., genuine, SS and VC samples) and synthetic (SS and VC samples) attacks. Then, we study the impact when one type of spoofing data is not used for modeling the spoofed data.
3 Experimental Setup
3.1 Database Description
ASVspoof 2015: ASVspoof database is created to assess ten different types of SS and VC synthetic speech samples namely S1 to S10 . It includes both the known attacks (S1-S5) and the unknown attacks (S6-S10).
BTAS 2016: BTAS database contains genuine and different kinds of replay attacks where genuine, SS and VC speech samples were played back using high-quality devices. Two new replay unknown attacks (R9 and R10) are introduced in the evaluation data to make it more challenging. The statistics regarding types of attacks and the number of utterances for each dataset are presented in Table 1.
|Replay||Replay LP LP||R1||700||700||800|
|Replay LP HQ LP||R2||700||700||800|
|Replay PH1 LP||R3||700||700||800|
|Replay PH2 LP||R4||700||700||800|
|Replay PH2 PH3||R9||-||-||800|
|Replay LP PH2 PH3||R10||-||-||800|
|SS||SS LP LP||R5||490||490||560|
|SS LP HQ LP||R6||490||490||560|
|VC||VC LP LP||R7||17400||17400||19500|
|VC LP HQ LP||R8||17400||17400||19500|
3.2 Feature Extraction Techniques
Mel-frequency cepstral coefficients (MFCCs): MFCC  feature utilizes mel-scale based triangular filter bank. The power spectrum is integrated using overlapping band-pass filters in the triangular filterbank. We use the configuration reported in .
Constant Q cepstral coefficients (CQCCs):
The constant Q transform (CQT) gives a higher frequency resolution in lower frequencies and a greater temporal resolution in the higher frequency region. A spline interpolation method is applied to resample the geometric frequency scale into a uniform linear scale in order to apply linearly spaced DCT coefficients for CQCC cepstral feature computation.
CQCC feature is implemented with maximum frequency and minimum frequency of . The number of bins per octave is assigned to 96. Speech activity detector (SAD) is not employed as non-speech frames could be helpful for spoofing detection.
3.3 Classifier and Performance Evaluation
We employ GMM-ML classifier for spoofing detection. Two target models and are created from natural and spoofed speech data respectively . The log-likelihood score is calculated as, where is the feature matrix of the test utterance, is the number of frames and is the average log-likelihood of X given GMM model
. We train GMMs with 10 iterations of expectation-maximization (EM) algorithm and 512 mixture components.
Equal error rate (EER) is used as the performance metric to evaluate spoofing attack detection. We use BOSARIS toolkit  to calculate the EER using receiver operating characteristics convex hull (ROCCH) method.
4 Results and Analysis
4.1 Btas 2016
We first conduct an experiment on BTAS 2016 replay spoofing development dataset to investigate the effects of different training data. The aim is to learn the system’s ability to detect spoofed signals generated by various spoofing algorithms that are not incorporated in the training phase. Overall performance evaluation results on eight replay attacks (R1-R8), obtained using conventional MFCC and proposed CQCC feature based countermeasures are reported in Table 2. Due to attack dependency, the performance degrades drastically when one attack type is excluded from training the models and when the system is confronted with the similar type of attack in the system assessment process. We also observe that including direct replay in training helps for both SS and VC but not vice versa. This can be justified by the fact that SS and VC attacks are different whereas replay attacks have high similarity with genuine speech in terms of frequency components and formant trajectories . Consequently, the replay speech characteristics of natural signal cannot be captured properly when they are eliminated from training the models. Interestingly, the static spectral features lead to promising recognition accuracy as opposed to their dynamic counterparts. This is in contrast to previous studies [13, 14].
We perform further experiments for only static features on the evaluation dataset. The overall and individual results are reported in Table 3
. CQCC feature yields superior result in all training conditions. This probably can be explained by the fact that CQCC feature provides higher resolution in lower and higher frequency regions that reflects better human perception system. Thus, they contribute better ability to capture replay characteristics while the models are trained by entire or a specific type of attacks. Furthermore, the pattern in EER values represents similar nature when features from unknown spoofing classes appear in the evaluation phase. It is worthwhile to mention that overall performance is compromised throughout all generalization systems for such unknown attacks (R9-R10). Comparing CQCC feature with MFCC feature, the CQCC feature outperforms other systems reported in with an average EER of 0.76 %.
4.2 ASVspoof 2015
The results of generalized systems on ASVspoof 2015 synthetic spoofing database are reported in Table 4. We train the countermeasure with both and either of the SS and VC attacks. In this study, we find that the dynamic coefficients provide superior performance in detecting synthetic spoofed signals. The results show a large amount of deterioration in performance when a particular attack is not considered in training. Although both MFCC and CQCC features give poor performance, CQCC feature leads to better performance across all cases of generalization scenarios. It is also interesting that for a particular case of generalization (where SS type attack is only used for training), static features give higher recognition accuracy than dynamic features for S1 and S10 attacks. We also notice that best performance for a specific attack is obtained if data from the specific attack type is used in training.
4.3 Cross-corpora Evaluation
The goal of this study has been to check cross-corpora vulnerability in a similar attack dependency framework where ASVspoof 2015 synthetic data is used to model the countermeasure and system performance is evaluated on BTAS 2016 replay evaluation dataset. The cross-corpora evaluations are shown in Table 5. The overall performance is poor as SS and VC data of BTAS 2016 test set consist of replayed version of SS and VC attacks as oppose to the ASVspoof database. An interesting observation is that although replay attacks show poor recognition accuracy, dynamic features convey more distinct information in case of SS and VC attacks. It seems reasonable given that SS and VC based spoofed data are better modeled through dynamic characteristics. This, in turn, enhances the recognition accuracy while detecting replay version of VC and SS spoofed samples. Conventional MFCC feature proves to be more efficient in cross-corpora evaluation, but the performance of unknown attacks is poor for both features.
This work presents first analysis of spoofing countermeasures for attack dependency and generalization. A detailed study on BTAS 2016 with extensive experiments reveals that direct replay data have better generalization capability than SS and VC based replayed data. Results on ASVspoof 2015 demonstrates that VC spoofed data in training can better represent the attack space. The cross-corpora evaluation performance is very poor due to lack of suitable data in training. Our study on both the databases also indicates that both static and dynamic parts of spectral features are useful for detecting spoofing attacks in generalized sense.
This work is partially supported by Indian Space Research Organization (ISRO), Government of India. The paper reflects some results from the OCTAVE Project (#647850), funded by the Research European Agency (REA) of the European Commission, in its framework programme Horizon 2020. The views expressed in this paper are those of the authors and do not engage any official position on the European Commission.
-  Z. Wu, N. Evans, T. Kinnunen, J. Yamagishi, F. Alegre, and H. Li, “Spoofing and countermeasures for speaker verification: a survey,” Speech Communication, vol. 66, pp. 130–153, 2015.
-  J. Lindberg, M. Blomberg et al., “Vulnerability in speaker verification-a study of technical impostor techniques.” in EUROSPEECH, 1999.
-  W. Shang and M. Stevenson, “Score normalization in playback attack detection,” in ICASSP. IEEE, 2010, pp. 1678–1681.
-  J. Villalba and E. Lleida, “Detecting replay attacks from far-field recordings on speaker verification systems,” in Biometrics and ID Management. Springer, 2011, pp. 274–285.
-  ——, “Preventing replay attacks on speaker verification systems,” in Security Technology (ICCST), 2011 IEEE International Carnahan Conference on. IEEE, 2011, pp. 1–8.
-  P. Korshunov and S. Marcel, “Cross-database evaluation of audio-based spoofing detection systems,” in INTERSPEECH, 2016.
-  Z. Wu, C. E. Siong, and H. Li, “Detecting converted speech and natural speech for anti-spoofing attack in speaker recognition.” in INTERSPEECH, 2012.
-  P. L. De Leon, M. Pucher, J. Yamagishi, I. Hernaez, and I. Saratxaga, “Evaluation of speaker verification security and detection of HMM-based synthetic speech,” Audio, Speech, and Language Processing, IEEE Transactions on, vol. 20, no. 8, pp. 2280–2290, 2012.
-  J. Sanchez, I. Saratxaga, I. Hernaez, E. Navas, and D. Erro, “The AHOLAB RPS SSD spoofing challenge 2015 submission,” in INTERSPEECH, 2015, pp. 2042–2046.
-  M. J. Alam, P. Kenny, G. Bhattacharya, and T. Stafylakis, “Development of CRIM system for the automatic speaker verification spoofing and countermeasures challenge 2015,” in INTERSPEECH, 2015.
-  X. Xiao, X. Tian, S. Du, H. Xu, E. S. Chng, and H. Li, “Spoofing speech detection using high dimensional magnitude and phase features: The NTU approach for ASVspoof 2015 challenge,” in INTERSPEECH, 2015.
-  P. L. De Leon, B. Stewart, and J. Yamagishi, “Synthetic speech discrimination using pitch pattern statistics derived from image analysis.” in INTERSPEECH, 2012.
-  M. Sahidullah, T. Kinnunen, and C. Hanilçi, “A comparison of features for synthetic speech detection,” in INTERSPEECH, 2015.
-  M. Todisco, H. Delgado, and N. Evans, “A new feature for automatic speaker verification anti-spoofing: Constant Q cepstral coefficients,” in Speaker Odyssey Workshop, Bilbao, Spain, 2016.
T. Toda, A. W. Black, and K. Tokuda, “Voice conversion based on maximum-likelihood estimation of spectral parameter trajectory,”Audio, Speech, and Language Processing, IEEE Transactions on, vol. 15, no. 8, pp. 2222–2235, 2007.
D. Saito, K. Yamamoto, N. Minematsu, and K. Hirose, “One-to-many voice conversion based on tensor representation of speaker space.” inINTERSPEECH, 2011, pp. 653–656.
-  M. Schröder and J. Trouvain, “The german text-to-speech synthesis system mary: A tool for research, development and teaching,” International Journal of Speech Technology, vol. 6, no. 4, pp. 365–377, 2003.
-  J. Yamagishi, T. Kobayashi, Y. Nakano, K. Ogata, and J. Isogai, “Analysis of speaker adaptation algorithms for hmm-based speech synthesis and a constrained smaplr adaptation algorithm,” IEEE Transactions on Audio, Speech, and Language Processing, vol. 17, no. 1, pp. 66–83, 2009.
-  C. Hanilçi, T. Kinnunen, M. Sahidullah, and A. Sizov, “Classifiers for synthetic speech detection: A comparison,” in INTERSPEECH, 2015.
-  Z. Wu, T. Kinnunen, N. Evans, J. Yamagishi, C. Hanilçi, M. Sahidullah, and A. Sizov, “ASVspoof 2015: the first automatic speaker verification spoofing and countermeasures challenge,” INTERSPEECH, 2015.
-  P. Korshunov, S. Marcel, H. Muckenhirn, A. Gonçalves, A. S. Mello, R. V. Violato, F. Simoes, M. Neto, M. de Assis Angeloni, J. Stuchi, H. Dinkel, N. Chen, Y. Qian, D. Paul, G. Saha, and M. Sahidullah, “Overview of BTAS 2016 speaker anti-spoofing competition,” in Biometrics: Theory, Applications and Systems (BTAS), IEEE, 2016.
-  S. B. Davis and P. Mermelstein, “Comparison of parametric representations for monosyllabic word recognition in continuously spoken sentences,” Acoustics, Speech and Signal Processing, IEEE Transactions on, vol. 28, no. 4, pp. 357–366, 1980.
-  D. Paul, M. Pal, and G. Saha, “Novel speech features for improved detection of spoofing attacks,” in INDICON IEEE, 2015.
-  N. Brümmer and E. de Villiers, “The BOSARIS toolkit: Theory, algorithms and code for surviving the new DCF,” arXiv preprint arXiv:1304.2865, 2013.