Table of Contents
Fetching ...

SpecWav-Attack: Leveraging Spectrogram Resizing and Wav2Vec 2.0 for Attacking Anonymized Speech

Yuqi Li, Yuanzhong Zheng, Zhongtian Guo, Yaoxuan Wang, Jianjun Yin, Haojun Fei

TL;DR

The paper addresses the vulnerability of anonymized speech to speaker-attack models by introducing SpecWav-Attack, which combines ECAPA-TDNN with Wav2Vec 2.0 embeddings, spectrogram resizing, and SR-based data augmentation. A two-stage incremental training regime, paired with 1024-dimensional Wav2Vec2 features, yields improved robustness and lower Equal Error Rate ($EER$) on LibriSpeech dev/test compared to conventional attacks. The results reveal notable leaks in anonymization, including significant reductions in $EER$ (e.g., 13.82% for T10-2), underscoring the need for stronger defenses and providing a benchmark aligned with the ICASSP 2025 Attacker Challenge. Overall, the work emphasizes practical risks in voice privacy and contributes a high-performance adversarial method for evaluating anonymization schemes.

Abstract

This paper presents SpecWav-Attack, an adversarial model for detecting speakers in anonymized speech. It leverages Wav2Vec2 for feature extraction and incorporates spectrogram resizing and incremental training for improved performance. Evaluated on librispeech-dev and librispeech-test, SpecWav-Attack outperforms conventional attacks, revealing vulnerabilities in anonymized speech systems and emphasizing the need for stronger defenses, benchmarked against the ICASSP 2025 Attacker Challenge.

SpecWav-Attack: Leveraging Spectrogram Resizing and Wav2Vec 2.0 for Attacking Anonymized Speech

TL;DR

The paper addresses the vulnerability of anonymized speech to speaker-attack models by introducing SpecWav-Attack, which combines ECAPA-TDNN with Wav2Vec 2.0 embeddings, spectrogram resizing, and SR-based data augmentation. A two-stage incremental training regime, paired with 1024-dimensional Wav2Vec2 features, yields improved robustness and lower Equal Error Rate () on LibriSpeech dev/test compared to conventional attacks. The results reveal notable leaks in anonymization, including significant reductions in (e.g., 13.82% for T10-2), underscoring the need for stronger defenses and providing a benchmark aligned with the ICASSP 2025 Attacker Challenge. Overall, the work emphasizes practical risks in voice privacy and contributes a high-performance adversarial method for evaluating anonymization schemes.

Abstract

This paper presents SpecWav-Attack, an adversarial model for detecting speakers in anonymized speech. It leverages Wav2Vec2 for feature extraction and incorporates spectrogram resizing and incremental training for improved performance. Evaluated on librispeech-dev and librispeech-test, SpecWav-Attack outperforms conventional attacks, revealing vulnerabilities in anonymized speech systems and emphasizing the need for stronger defenses, benchmarked against the ICASSP 2025 Attacker Challenge.
Paper Structure (7 sections, 3 figures, 1 table)

This paper contains 7 sections, 3 figures, 1 table.

Figures (3)

  • Figure 1: Training loss changes with epoch
  • Figure 2: Validating loss changes with epoch
  • Figure 3: SpecWav-Attack Architecture: Stage one represents the first 10 epochs of training, and stage two represents 10-12 epochs of training. In this stage, the training set is replaced with the augmented dataset.