Automatic speaker verification (ASV) is a well developed technology for biometric identification, and has been ubiquitous implemented in security-critic applications, such as banking and access control. However, previous works have shown that ASV is under the radar of adversarial attacks, which are very similar to their original counterparts from human's perception, yet will manipulate the ASV render wrong prediction. Due to the very late emergence of adversarial attacks for ASV, effective countermeasures against them are limited. Given that the security of ASV is of high priority, in this work, we propose the idea of "voting for the right answer" to prevent risky decisions of ASV in blind spot areas, by employing random sampling and voting. Experimental results show that our proposed method improves the robustness against both the limited-knowledge attackers by pulling the adversarial samples out of the blind spots, and the perfect-knowledge attackers by introducing randomness and increasing the attackers' budgets.

翻译：自动扬声器核查(ASV)是生物鉴别技术,在银行和出入控制等安全-批评应用中普遍应用,但是,以前的工作表明,ASV处于对抗性攻击的雷达之下,这种攻击与最初的对口攻击非常相似,但根据人类的观念,操纵ASV会作出错误的预测。由于对ASV的对抗性攻击很晚才出现,因此,有效的反制措施是有限的。鉴于ASV的安全是高度优先事项,我们在此工作中提出“投票支持正确答案”的想法,通过随机抽样和投票,防止在盲点地区作出ASV的危险决定。实验结果表明,我们提出的方法通过将对抗性攻击者标本从盲点拉出来,通过引入随机性和增加攻击者的预算来增强对攻击者完全知情者的强大性。