benchmark 2026

Probabilistic Verification of Voice Anti-Spoofing Models

Evgeny Kushnir 1,2,3, Alexandr Kozodaev 4, Dmitrii Korzh 1,5, Mikhail Pautov 1,6, Oleg Kiriukhin 7, Oleg Y. Rogov 1,3,5

1 AXXX

2 HSE

3 Applied AI Institute

4 Central University

5 MTUCI

6 Trusted AI Research Center

7 City University of Hong Kong

0 citations
α

Published on arXiv

2603.10713

Output Integrity Attack

OWASP ML Top 10 — ML09

Key Finding

PV-VASM yields certified upper bounds on misclassification probability for voice anti-spoofing models in a black-box, model-agnostic manner, generalizing to unseen TTS and VC systems without requiring white-box access.

PV-VASM

Novel technique introduced

Recent advances in generative models have amplified the risk of malicious misuse of speech synthesis technologies, enabling adversaries to impersonate target speakers and access sensitive resources. Although speech deepfake detection has progressed rapidly, most existing countermeasures lack formal robustness guarantees or fail to generalize to unseen generation techniques. We propose PV-VASM, a probabilistic framework for verifying the robustness of voice anti-spoofing models (VASMs). PV-VASM estimates the probability of misclassification under text-to-speech (TTS), voice cloning (VC), and parametric signal transformations. The approach is model-agnostic and enables robustness verification against unseen speech synthesis techniques and input perturbations. We derive a theoretical upper bound on the error probability and validate the method across diverse experimental settings, demonstrating its effectiveness as a practical robustness verification tool.

Key Contributions

  • PV-VASM: a model-agnostic probabilistic framework that estimates upper bounds on VASM misclassification probability under TTS, voice cloning, and signal transformations
  • Theoretical derivation of error probability bounds using probabilistic concentration inequalities, with practical parameter selection procedures
  • Empirical validation across diverse TTS/VC systems and audio conditions, demonstrating generalization to unseen speech synthesis techniques

🛡️ Threat Analysis

Output Integrity Attack

Voice anti-spoofing models are speech deepfake detectors — AI-generated audio content detection systems explicitly covered under ML09. The paper's primary contribution is a robustness verification framework (PV-VASM) that formally bounds the probability that a VASM fails to detect TTS/VC-synthesized audio, directly addressing output integrity and authenticity of AI-generated speech content.

Details

Domains
audio
Model Types
transformergenerative
Threat Tags
black_boxinference_time
Datasets
ASVspoofADD
Applications
voice anti-spoofingspeech deepfake detectionspeaker verification
Read PDF arXiv

Similar Papers

benchmark

Why Speech Deepfake Detectors Won't Generalize: The Limits of Detection in an Open World

2025 0 cit.
Output Integrity Attack
90%
benchmark

Speech DF Arena: A Leaderboard for Speech DeepFake Detection Models

2025 0 cit.
Output Integrity Attack
82%
benchmark

Bona fide Cross Testing Reveals Weak Spot in Audio Deepfake Detection Systems

2025 0 cit.
Output Integrity Attack
82%
benchmark

How to Label Resynthesized Audio: The Dual Role of Neural Audio Codecs in Audio Deepfake Detection

2026 0 cit.
Output Integrity Attack
82%
benchmark

SCDF: A Speaker Characteristics DeepFake Speech Dataset for Bias Analysis

2025 0 cit.
Output Integrity Attack
80%
benchmark

Toward Noise-Aware Audio Deepfake Detection: Survey, SNR-Benchmarks, and Practical Recipes

2025 0 cit.
Output Integrity Attack
80%
benchmark

On Deepfake Voice Detection -- It's All in the Presentation

2025 1 cit.
Output Integrity Attack
80%
benchmark

The Impact of Audio Watermarking on Audio Anti-Spoofing Countermeasures

2025 0 cit.
Output Integrity Attack
80%