English

DeePen: Penetration Testing for Audio Deepfake Detection

Cryptography and Security 2026-05-14 v3 Artificial Intelligence Sound Audio and Speech Processing

Abstract

Deepfakes - manipulated or forged audio and video media - pose significant security risks to individuals, organizations, and society at large. To address these challenges, machine learning-based classifiers are commonly employed to detect deepfake content. In this paper, we assess the robustness of such classifiers through a systematic penetration testing methodology, which we introduce as DeePen. Our approach operates without prior knowledge of or access to the target deepfake detection models. Instead, it leverages a set of carefully selected signal processing modifications - referred to as attacks - to evaluate model vulnerabilities. Using DeePen, we analyze both real-world production systems and publicly available academic model checkpoints, demonstrating that all tested systems exhibit weaknesses and can be reliably deceived by simple manipulations such as time-stretching or echo addition. Furthermore, our findings reveal that while some attacks can be mitigated by retraining detection systems with knowledge of the specific attack, others remain persistently effective.

Keywords

Cite

@article{arxiv.2502.20427,
  title  = {DeePen: Penetration Testing for Audio Deepfake Detection},
  author = {Nicolas Müller and Piotr Kawa and Adriana Stan and Thien-Phuc Doan and Souhwan Jung and Wei Herng Choong and Philip Sperl and Konstantin Böttinger},
  journal= {arXiv preprint arXiv:2502.20427},
  year   = {2026}
}
R2 v1 2026-06-28T22:00:43.323Z