TY - GEN
T1 - Generating Natural Language Adversarial Examples Based on the Approximating Top-K Combination Token Substitution
AU - Qiu, Panfeng
AU - Wu, Xi
AU - Zhao, Yongxin
N1 - Publisher Copyright: © 2022 IEEE.
PY - 2022
Y1 - 2022
AB - Deep Neural Networks (DNNs) have been widely used in Natural Language Processing (NLP) applications. However, due to the lack of interpretability, recent studies have shown that the DNN-based models used in NLP are vulnerable to adversarial attacks by adding subtle perturbations into inputs. Among the various existing adversarial attack methods, it is still challenging to maintain high similarity between the generated adversarial text and the original text while ensuring both grammatical correctness and semantic preservation. In this paper, we propose a novel attack method based on the approximating Top-K combination token substitution to generate adversarial text. We extend the sequential substitution that is commonly used in the existing methods into a combination substitution, and combine it with Monte Carlo simulation to significantly expand the search space. Furthermore, based on the part-of-speech information, we combine the synonym token substitution strategy and the language model based substitution strategy to generate adversarial texts that are semantically consistent with the original texts. Extensive experiments illustrate that our method outperforms previous methods regarding attack efficiency, perturbation rate, and semantic similarity. Moreover, training on adversarial samples generated by our approach can effectively improve the robustness of the model.
KW - Adversarial Attack
KW - Natural Language Processing
KW - Robustness
KW - Token Substitution
UR - https://www.scopus.com/pages/publications/85152237000
U2 - 10.1109/HPCC-DSS-SmartCity-DependSys57074.2022.00254
DO - 10.1109/HPCC-DSS-SmartCity-DependSys57074.2022.00254
M3 - Conference contribution
AN - SCOPUS:85152237000
T3 - Proceedings - 24th IEEE International Conference on High Performance Computing and Communications, 8th IEEE International Conference on Data Science and Systems, 20th IEEE International Conference on Smart City and 8th IEEE International Conference on Dependability in Sensor, Cloud and Big Data Systems and Application, HPCC/DSS/SmartCity/DependSys 2022
SP - 1675
EP - 1681
BT - Proceedings - 24th IEEE International Conference on High Performance Computing and Communications, 8th IEEE International Conference on Data Science and Systems, 20th IEEE International Conference on Smart City and 8th IEEE International Conference on Dependability in Sensor, Cloud and Big Data Systems and Application, HPCC/DSS/SmartCity/DependSys 2022
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 24th IEEE International Conference on High Performance Computing and Communications, 8th IEEE International Conference on Data Science and Systems, 20th IEEE International Conference on Smart City and 8th IEEE International Conference on Dependability in Sensor, Cloud and Big Data Systems and Application, HPCC/DSS/SmartCity/DependSys 2022
Y2 - 18 December 2022 through 20 December 2022
ER -