Contents
A real-time detector runs the same kind of classifier as an offline one, but on a live stream under a latency budget, which makes it a harder version of the same problem, forced to decide from short windows. For a live voice call it usually runs two checks at once: is the voice synthetic, and is this a live human or a recording played into the microphone?
What makes real-time detection harder than offline?
The constraint is time. Offline, a detector can process a whole utterance and use the features that carry the most signal. Live, it has to decide from a rolling window before the sentence is finished, and the strongest features are exactly the ones that need the full utterance. Phoneme-level models reach 4.27% equal-error rate but pool across the whole utterance to do it (Zhang, Hua, Lan, AAAI 2025), and the per-vowel forensic method needs reference audio and a full recording (Yang, Sun, Lyu, Rose, 2025). Streaming systems fall back on raw-waveform classifiers such as AASIST or RawNet2 over short windows, which sets a lower ceiling than the offline numbers suggest.
Why is “liveness” a separate check?
Because “is this synthetic” and “is this live” are different questions. A convincing recording of a real person is not synthetic at all, yet playing it into a call is still an attack. The ASVspoof challenge formalized this split, running a physical-access scenario for replayed audio alongside the logical-access scenario for synthesis. As its authors put it, automatic speaker verification is “vulnerable to spoofing, also referred to as ‘presentation attacks’” (Wang, Yamagishi, Todisco et al., Computer Speech & Language 2020), and replay is one of the main ones. A live pipeline that only checked for synthesis would wave a genuine recording straight through.
How does a liveness or replay check actually work?
It reads the playback chain. A replayed clip travels loudspeaker to room to microphone, and that path leaves physical tells a direct voice does not have: nonlinear loudspeaker distortion, attenuated low frequencies, and a second room-and-microphone channel layered on the original. Detectors key on those cues, often through constant-Q cepstral coefficients, whose static components carry the replay signature. Using those coefficients, Todisco, Delgado and Evans (2017) report a 1.85% equal error rate on the RedDots-Replayed set. The reason the layer exists is that recognizing a speaker is not the same as knowing they are live: Villalba and Lleida (2011) found that speaker verification alone accepted 68 percent of replays at its error threshold, while a dedicated replay check reached 0 to 9 percent EER by channel condition. In a forensic setting, a second electrical-network-frequency trace in one file is the court-grade sign that a recording was copied.
Why don’t these numbers survive the real world?
Same reason the synthesis detectors do not: they are strong on the hardware they trained on and weak off it. A loudspeaker-distortion replay detector reaches a 97.78 percent true-positive rate in the lab but falls to a floor of roughly 79 to 90 percent on unseen playback equipment (Ren, Fang, Liu, 2019). That is the recurring pattern across this whole field, lab-strong and wild-unproven, echoed in the survey finding of “poor generalization of existing detection methods to unknown fake attacks” (Yi, Wang, Tao et al., 2023). It is why a live system layers a synthesis classifier and a liveness classifier rather than trusting either to be sufficient on its own.
What about live video deepfakes?
The shape of the problem is the same, but the evidence base here is voice. Video systems run frame-level classifiers under the same latency budget, sometimes paired with active cues that check whether a face responds naturally to a prompt. Those active-probing methods are less settled than the audio replay literature, so it is best treated as a parallel, still-maturing area rather than a solved one.
Put together, real-time detection buys you a fast, useful screen for a live call, and the latency budget lowers its ceiling while real-world conditions lower it again. That double discount is the whole reason a serious live pipeline asks two questions instead of one, checking both whether the voice was synthesized and whether it was ever really in the room. A confidence reading from such a system is a running estimate under pressure, not a final ruling, which is the same caution that applies to every detector in this space, set out in are AI detectors accurate.
Sources
- Zhang, Hua, Lan (2025). Phoneme-Level Feature Discrepancies: A Key to Detecting Sophisticated Speech Deepfakes. AAAI 2025.
- Yang, Sun, Lyu, Rose (2025). Forensic Deepfake Audio Detection Using Segmental Speech Features.
- Wang, Yamagishi, Todisco et al. (2020). ASVspoof 2019: A Large-Scale Public Database of Synthesized, Converted and Replayed Speech. Computer Speech & Language 2020.
- Todisco, Delgado, Evans (2017). Constant Q Cepstral Coefficients: A Spoofing Countermeasure for Automatic Speaker Verification. Computer Speech & Language 2017.
- Ren, Fang, Liu (2019). Replay Attack Detection Based on Distortion by Loudspeaker for Voice Authentication. Multimedia Tools and Applications 2019.
- Villalba, Lleida (2011). Detecting Replay Attacks from Far-Field Recordings on Speaker Verification Systems. BioID 2011.
- Jung, Heo, Tak et al. (2022). AASIST: Audio Anti-Spoofing Using Integrated Spectro-Temporal Graph Attention Networks. ICASSP 2022.
- Tak, Patino, Todisco et al. (2021). End-to-End Anti-Spoofing with RawNet2. ICASSP 2021.
- Yi, Wang, Tao et al. (2023). Audio Deepfake Detection: A Survey.