Lea Schönherr


I am a tenure track faculty at CISPA Helmholtz Center for Information Security interested in information security with a focus on adversarial machine learning . Before that I was working at Ruhr University Bochum (RUB), Germany, in the DFG Cluster of Excellence “Cyber Security in the Age of Large-Scale Adversaries“ (CASA).


My research includes all kinds of attacks against machine learning models, including adversarial examples and poisoning attacks with a focus on signal-driven input data like audio and speech by utilizing approaches based on signal processing. I aim to develop domain-adaptive detection mechanisms and countermeasures, e.g., for Deepfakes and adversarial examples.


During my Ph.D., I focused on the robustness of neural networks and the security of speech-based systems. I received my Ph.D. in 2021 from Ruhr University Bochum, where I was advised by Prof. Dr.-Ing. Dorothea Kolossa at the Cognitive Signal Processing group at Ruhr University Bochum (RUB), Germany. I received two scholarships from UbiCrypt (DFG Research Training Group) and CASA (DFG Cluster of Excellence).


I obtained my Master's degree in Electrical Engineering and Information Technology at RUB in 2015 after graduating from the University of Applied Science in Mannheim in Biomedical Engineering.




Hossein Hajipour, Thorsten Holz, Lea Schönherr, and Mario Fritz

Systematically Finding Security Vulnerabilities in Black-Box Code Generation Models

ArXiv    [Paper] [BibTex]

David Pape, Sina Däubener, Thorsten Eisenhofer, Antonio Emanuele Cinà, and Lea Schönherr

On the Limitations of Model Stealing with Uncertainty Quantification Models

European Symposium on Artificial Neural Networks, Computational Intelligence and Machine Learning (ESANN)    [Paper] [BibTex]

Nico Schiller, Merlin Chlosta, Moritz Schloegel, Nils Bars, Thorsten Eisenhofer, Tobias Scharnowski, Felix Domke, Lea Schönherr, and Thorsten Holz

Drone Security and the Mysterious Case of DJI’s DroneID

Network and Distributed System Security Symposium (NDSS)    [Paper] [BibTex]

Hojjat Aghakhani, Thorsten Eisenhofer, Lea Schönherr, Dorothea Kolossa, Thorsten Holz, Christopher Kruegel, and Giovanni Vigna

VENOMAVE: Clean-Label Poisoning Against Speech Recognition

Secure and Trustworthy Machine Learning (SatML)    [Paper] [BibTex]


Timm Koppelmann, Luca Becker, Alexandru Nelus, Rene Glitza, Lea Schönherr, and Rainer Martin

Clustering-based Wake Word Detection in Privacy-aware Acoustic Sensor Networks

INTERSPEECH    [Paper] [BibTex]

Lea Schönherr, Maximilian Golla, Thorsten Eisenhofer, Jan Wiele, Dorothea Kolossa, and Thorsten Holz

Exploring Accidental Triggers of Smart Speakers

Computer Speech & Language    [Paper] [Website] [BibTex]


Joel Frank and Lea Schönherr

WaveFake: A Data Set to Facilitate Audio DeepFake Detection

NeurIPS Datasets and Benchmarks Track    [Paper][Code] [Talk] [BibTex]

Thorsten Eisenhofer, Lea Schönherr, Joel Frank, Lars Speckemeier, Dorothea Kolossa, and Thorsten Holz

Dompteur: Taming Audio Adversarial Examples

USENIX Security Symposium    [Paper] [Code] [Talk] [BibTex]

Lea Schönherr

Adverarially Robust Speech and Speaker Recognition

Ruhr University Bochum   [Dissertation] [BibTex]

Timm Koppelmann, Alexandru Nelus, Lea Schönherr, Dorothea Kolossa, and Rainer Martin

Privacy-Preserving Feature Extraction for Cloud-Based Wake Word Verification

INTERSPEECH    [Paper] [BibTex]


Joel Frank, Thorsten Eisenhofer, Lea Schönherr, Asja Fischer, Dorothea Kolossa, and Thorsten Holz

Leveraging Frequency Analysis for Deep Fake Image Recognition

ICML    [Paper] [Code] [Talk] [BibTex]

Lea Schönherr, Thorsten Eisenhofer, Steffen Zeiler, Thorsten Holz, and Dorothea Kolossa

Imperio: Robust Over-the-Air Adversarial Examples for Automatic Speech Recognition Systems

ACSAC    [Paper] [Talk] [BibTex]

Sina Däubener, Lea Schönherr, Asja Fischer, and Dorothea Kolossa

Detecting Adversarial Examples for Speech Recognition via Uncertainty Quantification

INTERSPEECH    [Paper] [Code] [BibTex]

Jan Freiwald, Lea Schönherr, Christopher Schymura, Steffen Zeiler, and Dorothea Kolossa

Loss Functions for Deep Monaural Speech Enhancement

IJCNN    [Paper] [BibTex]


Lea Schönherr, Katharina Kohls, Steffen Zeiler, Thorsten Holz, and Dorothea Kolossa

Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding

Network and Distributed System Security Symposium (NDSS)    [Paper] [Website] [Code] [Talk] [BibTex]


Lea Schönherr, Steffen Zeiler, and Dorothea Kolossa

Spoofing Detection via Simultaneous Verification of Audio-Visual Synchronicity and Transcription

ASRU    [Paper] [BibTex]


Lea Schönherr, Dennis Orth, Martin Heckmann, and Dorothea Kolossa

Environmentally Robust Audio-Visual Speaker Identification

SLT    [Paper] [BibTex]