Does Audio Deepfake Detection Generalize?
Nicolas M. Müller, Pavel Czempin, Franziska Dieckmann, Adam Froghyar, Konstantin Böttinger
TL;DR
This work interrogates why audio deepfake detectors succeed and whether reported gains generalize beyond lab benchmarks. By re-implementing twelve state-of-the-art architectures under a unified evaluation, the authors isolate the effects of preprocessing, feature choice, and input length, revealing that cqtspec or logspec features outperform melspec by about 37% on average and that full-length audio typically yields better performance than fixed 4-second clips. They also introduce a new in-the-wild dataset with 37.9 hours of real and fake celebrity/politician audio to test generalization, finding serious degradation (up to 1000% increases in EER) compared to ASVspoof benchmarks, suggesting current detectors overfit lab data. The results underscore the need for broader evaluation and more robust features when deploying audio deepfake detection in real-world settings.
Abstract
Current text-to-speech algorithms produce realistic fakes of human voices, making deepfake detection a much-needed area of research. While researchers have presented various techniques for detecting audio spoofs, it is often unclear exactly why these architectures are successful: Preprocessing steps, hyperparameter settings, and the degree of fine-tuning are not consistent across related work. Which factors contribute to success, and which are accidental? In this work, we address this problem: We systematize audio spoofing detection by re-implementing and uniformly evaluating architectures from related work. We identify overarching features for successful audio deepfake detection, such as using cqtspec or logspec features instead of melspec features, which improves performance by 37% EER on average, all other factors constant. Additionally, we evaluate generalization capabilities: We collect and publish a new dataset consisting of 37.9 hours of found audio recordings of celebrities and politicians, of which 17.2 hours are deepfakes. We find that related work performs poorly on such real-world data (performance degradation of up to one thousand percent). This may suggest that the community has tailored its solutions too closely to the prevailing ASVSpoof benchmark and that deepfakes are much harder to detect outside the lab than previously thought.
