Benchmarking Fake Voice Detection in the Fake Voice Generation Arms Race
Xutao Mao, Ke Li, Cameron Baird, Ezra Xuanru Tao, Dan Lin
TL;DR
The paper tackles the misalignment between real-world spoofing threats and evaluation benchmarks by proposing an ecosystem-level, one-to-one benchmark across $17$ generators and $8$ detectors, supplemented by unified scoring for both sides. Through cross-domain evaluation spanning traditional vocoder pipelines, end-to-end TTS, and neural audio codec language models, it reveals that neural-codec and flow-matching generators consistently evade top detectors and that no detector remains universally robust. The study introduces a rigorous threat model, diverse datasets, and a Detector Overall Score $S_i$ that balances empirical performance and model complexity, highlighting pronounced generalization gaps under distribution shifts. The findings underscore the need for robust, generalizable detectors and security-aware generator design to advance the safety of the voice ecosystem in the face of increasingly realistic synthetic audio.
Abstract
The rapid advancement of fake voice generation technology has ignited a race with detection systems, creating an urgent need to secure the audio ecosystem. However, existing benchmarks suffer from a critical limitation: they typically aggregate diverse fake voice samples into a single dataset for evaluation. This practice masks method-specific artifacts and obscures the varying performance of detectors against different generation paradigms, preventing a nuanced understanding of their true vulnerabilities. To address this gap, we introduce the first ecosystem-level benchmark that systematically evaluates the interplay between 17 state-of-the-art fake voice generators and 8 leading detectors through a novel one-to-one evaluation protocol. This fine-grained analysis exposes previously hidden vulnerabilities and sensitivities that are missed by traditional aggregated testing. We also propose unified scoring systems to quantify both the evasiveness of generators and the robustness of detectors, enabling fair and direct comparisons. Our extensive cross-domain evaluation reveals that modern generators, particularly those based on neural audio codecs and flow matching, consistently evade top-tier detectors. We found that no single detector is universally robust; their effectiveness varies dramatically depending on the generator's architecture, highlighting a significant generalization gap in current defenses. This work provides a more realistic assessment of the threat landscape and offers actionable insights for building the next generation of detection systems.