SpecWav-Attack: Leveraging Spectrogram Resizing and Wav2Vec 2.0 for Attacking Anonymized Speech
Yuqi Li, Yuanzhong Zheng, Zhongtian Guo, Yaoxuan Wang, Jianjun Yin, Haojun Fei
TL;DR
The paper addresses the vulnerability of anonymized speech to speaker-attack models by introducing SpecWav-Attack, which combines ECAPA-TDNN with Wav2Vec 2.0 embeddings, spectrogram resizing, and SR-based data augmentation. A two-stage incremental training regime, paired with 1024-dimensional Wav2Vec2 features, yields improved robustness and lower Equal Error Rate ($EER$) on LibriSpeech dev/test compared to conventional attacks. The results reveal notable leaks in anonymization, including significant reductions in $EER$ (e.g., 13.82% for T10-2), underscoring the need for stronger defenses and providing a benchmark aligned with the ICASSP 2025 Attacker Challenge. Overall, the work emphasizes practical risks in voice privacy and contributes a high-performance adversarial method for evaluating anonymization schemes.
Abstract
This paper presents SpecWav-Attack, an adversarial model for detecting speakers in anonymized speech. It leverages Wav2Vec2 for feature extraction and incorporates spectrogram resizing and incremental training for improved performance. Evaluated on librispeech-dev and librispeech-test, SpecWav-Attack outperforms conventional attacks, revealing vulnerabilities in anonymized speech systems and emphasizing the need for stronger defenses, benchmarked against the ICASSP 2025 Attacker Challenge.
