Generating Adversarial Texts for Recurrent Neural Networks

Chang Liu; Wang Lin; Zhengfeng Yang

doi:10.1007/978-3-030-61609-0_4

Generating Adversarial Texts for Recurrent Neural Networks

Chang Liu, Wang Lin, Zhengfeng Yang

Software Engineering Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Adversarial examples have received increasing attention recently due to their significant values in evaluating and improving the robustness of deep neural networks. Existing adversarial attack algorithms have achieved good result for most images. However, those algorithms cannot be directly applied to texts as the text data is discrete in nature. In this paper, we extend two state-of-the-art attack algorithms, PGD and C&W, to craft adversarial text examples for RNN-based models. For Extend-PGD attack, it identifies the words that are important for classification by computing the Jacobian matrix of the classifier, to effectively generate adversarial text examples. For Extend-C&W attack, it utilizes regularization to minimize the alteration of the original input text. We conduct comparison experiments on two recurrent neural networks trained for classifying texts in two real-world datasets. Experimental results show that our Extend-PGD and Extend-C&W attack algorithms have advantages of attack success rate and semantics-preserving ability, respectively.

Original language	English
Title of host publication	Artificial Neural Networks and Machine Learning – ICANN 2020 - 29th International Conference on Artificial Neural Networks, Proceedings
Editors	Igor Farkaš, Paolo Masulli, Stefan Wermter
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	39-51
Number of pages	13
ISBN (Print)	9783030616083
DOIs	https://doi.org/10.1007/978-3-030-61609-0_4
State	Published - 2020
Event	29th International Conference on Artificial Neural Networks, ICANN 2020 - Bratislava, Slovakia Duration: 15 Sep 2020 → 18 Sep 2020

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12396 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	29th International Conference on Artificial Neural Networks, ICANN 2020
Country/Territory	Slovakia
City	Bratislava
Period	15/09/20 → 18/09/20

Keywords

Adversarial text
C&W
PGD
Recurrent neural network

Access to Document

10.1007/978-3-030-61609-0_4

Cite this

Liu, C., Lin, W., & Yang, Z. (2020). Generating Adversarial Texts for Recurrent Neural Networks. In I. Farkaš, P. Masulli, & S. Wermter (Eds.), Artificial Neural Networks and Machine Learning – ICANN 2020 - 29th International Conference on Artificial Neural Networks, Proceedings (pp. 39-51). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12396 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-61609-0_4

Liu, Chang ; Lin, Wang ; Yang, Zhengfeng. / Generating Adversarial Texts for Recurrent Neural Networks. Artificial Neural Networks and Machine Learning – ICANN 2020 - 29th International Conference on Artificial Neural Networks, Proceedings. editor / Igor Farkaš ; Paolo Masulli ; Stefan Wermter. Springer Science and Business Media Deutschland GmbH, 2020. pp. 39-51 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{d6579b7122a14083b1ebb953dc543468,

title = "Generating Adversarial Texts for Recurrent Neural Networks",

abstract = "Adversarial examples have received increasing attention recently due to their significant values in evaluating and improving the robustness of deep neural networks. Existing adversarial attack algorithms have achieved good result for most images. However, those algorithms cannot be directly applied to texts as the text data is discrete in nature. In this paper, we extend two state-of-the-art attack algorithms, PGD and C\&W, to craft adversarial text examples for RNN-based models. For Extend-PGD attack, it identifies the words that are important for classification by computing the Jacobian matrix of the classifier, to effectively generate adversarial text examples. For Extend-C\&W attack, it utilizes regularization to minimize the alteration of the original input text. We conduct comparison experiments on two recurrent neural networks trained for classifying texts in two real-world datasets. Experimental results show that our Extend-PGD and Extend-C\&W attack algorithms have advantages of attack success rate and semantics-preserving ability, respectively.",

keywords = "Adversarial text, C\&W, PGD, Recurrent neural network",

author = "Chang Liu and Wang Lin and Zhengfeng Yang",

note = "Publisher Copyright: {\textcopyright} 2020, Springer Nature Switzerland AG.; 29th International Conference on Artificial Neural Networks, ICANN 2020 ; Conference date: 15-09-2020 Through 18-09-2020",

year = "2020",

doi = "10.1007/978-3-030-61609-0\_4",

language = "英语",

isbn = "9783030616083",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "39--51",

editor = "Igor Farka{\v s} and Paolo Masulli and Stefan Wermter",

booktitle = "Artificial Neural Networks and Machine Learning – ICANN 2020 - 29th International Conference on Artificial Neural Networks, Proceedings",

address = "德国",

}

Liu, C, Lin, W & Yang, Z 2020, Generating Adversarial Texts for Recurrent Neural Networks. in I Farkaš, P Masulli & S Wermter (eds), Artificial Neural Networks and Machine Learning – ICANN 2020 - 29th International Conference on Artificial Neural Networks, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12396 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 39-51, 29th International Conference on Artificial Neural Networks, ICANN 2020, Bratislava, Slovakia, 15/09/20. https://doi.org/10.1007/978-3-030-61609-0_4

Generating Adversarial Texts for Recurrent Neural Networks. / Liu, Chang; Lin, Wang; Yang, Zhengfeng.
Artificial Neural Networks and Machine Learning – ICANN 2020 - 29th International Conference on Artificial Neural Networks, Proceedings. ed. / Igor Farkaš; Paolo Masulli; Stefan Wermter. Springer Science and Business Media Deutschland GmbH, 2020. p. 39-51 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12396 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Generating Adversarial Texts for Recurrent Neural Networks

AU - Liu, Chang

AU - Lin, Wang

AU - Yang, Zhengfeng

PY - 2020

Y1 - 2020

N2 - Adversarial examples have received increasing attention recently due to their significant values in evaluating and improving the robustness of deep neural networks. Existing adversarial attack algorithms have achieved good result for most images. However, those algorithms cannot be directly applied to texts as the text data is discrete in nature. In this paper, we extend two state-of-the-art attack algorithms, PGD and C&W, to craft adversarial text examples for RNN-based models. For Extend-PGD attack, it identifies the words that are important for classification by computing the Jacobian matrix of the classifier, to effectively generate adversarial text examples. For Extend-C&W attack, it utilizes regularization to minimize the alteration of the original input text. We conduct comparison experiments on two recurrent neural networks trained for classifying texts in two real-world datasets. Experimental results show that our Extend-PGD and Extend-C&W attack algorithms have advantages of attack success rate and semantics-preserving ability, respectively.

AB - Adversarial examples have received increasing attention recently due to their significant values in evaluating and improving the robustness of deep neural networks. Existing adversarial attack algorithms have achieved good result for most images. However, those algorithms cannot be directly applied to texts as the text data is discrete in nature. In this paper, we extend two state-of-the-art attack algorithms, PGD and C&W, to craft adversarial text examples for RNN-based models. For Extend-PGD attack, it identifies the words that are important for classification by computing the Jacobian matrix of the classifier, to effectively generate adversarial text examples. For Extend-C&W attack, it utilizes regularization to minimize the alteration of the original input text. We conduct comparison experiments on two recurrent neural networks trained for classifying texts in two real-world datasets. Experimental results show that our Extend-PGD and Extend-C&W attack algorithms have advantages of attack success rate and semantics-preserving ability, respectively.

KW - Adversarial text

KW - C&W

KW - PGD

KW - Recurrent neural network

UR - https://www.scopus.com/pages/publications/85096567765

U2 - 10.1007/978-3-030-61609-0_4

DO - 10.1007/978-3-030-61609-0_4

M3 - 会议稿件

AN - SCOPUS:85096567765

SN - 9783030616083

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 39

EP - 51

BT - Artificial Neural Networks and Machine Learning – ICANN 2020 - 29th International Conference on Artificial Neural Networks, Proceedings

A2 - Farkaš, Igor

A2 - Masulli, Paolo

A2 - Wermter, Stefan

PB - Springer Science and Business Media Deutschland GmbH

T2 - 29th International Conference on Artificial Neural Networks, ICANN 2020

Y2 - 15 September 2020 through 18 September 2020

ER -

Liu C, Lin W, Yang Z. Generating Adversarial Texts for Recurrent Neural Networks. In Farkaš I, Masulli P, Wermter S, editors, Artificial Neural Networks and Machine Learning – ICANN 2020 - 29th International Conference on Artificial Neural Networks, Proceedings. Springer Science and Business Media Deutschland GmbH. 2020. p. 39-51. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-61609-0_4

Generating Adversarial Texts for Recurrent Neural Networks

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this