Transferable Adversarial Attacks on Audio Deepfake Detection

Muhammad Umar Farooq, Awais Khan, Kutub Uddin, Khalid Mahmood Malik; Proceedings of the Winter Conference on Applications of Computer Vision (WACV) Workshops, 2025, pp. 1640-1649

Audio deepfakes pose significant threats including impersonation fraud and reputation damage. To address these risks audio deepfake detection (ADD) techniques have been developed demonstrating success on benchmarks like ASVspoof2019. However their resilience against transferable adversarial attacks remains largely unexplored. In this paper we introduce a transferable GAN-based adversarial attack framework to evaluate the effectiveness of state-of-the-art (SOTA) ADD systems. By leveraging an ensemble of surrogate ADD models and a discriminator the proposed approach generates transferable adversarial attacks that better reflect real-world scenarios. Unlike previous methods the proposed framework incorporates a self-supervised audio model to ensure transcription and perceptual integrity resulting in high-quality adversarial attacks. Experimental results on benchmark dataset reveal that SOTA ADD systems exhibit significant vulnerabilities with accuracies dropping from 98% to 26% 92% to 54% and 94% to 84% in white-box gray-box and black-box scenarios respectively. When tested in other data sets performance drops of 91% to 46% and 94% to 67% were observed against the In-the-Wild and WaveFake data sets respectively. These results highlight the significant vulnerabilities of existing ADD systems and emphasize the need to enhance their robustness against advanced adversarial threats to ensure security and reliability.