Experimental Evaluation of Adversarial Attacks Against Natural Language Machine Learning Models

2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA) Pub Date : 2023-05-23 DOI:10.1109/SERA57763.2023.10197813

Jonathan Li, Steven Pugh, Honghe Zhou, Lin Deng, J. Dehlinger, Suranjan Chakraborty

{"title":"Experimental Evaluation of Adversarial Attacks Against Natural Language Machine Learning Models","authors":"Jonathan Li, Steven Pugh, Honghe Zhou, Lin Deng, J. Dehlinger, Suranjan Chakraborty","doi":"10.1109/SERA57763.2023.10197813","DOIUrl":null,"url":null,"abstract":"Machine learning models are being increasingly relied on for many natural language processing tasks. However, these models are vulnerable to adversarial attacks, i.e., inputs designed to target models into making a wrong prediction. Among different methods of attacking a model, it is important to understand what attacks are effective, so that we can design countermeasures to protect the models. In this paper, we design and implement six adversarial attacks against natural language machine learning models. Then, we evaluate the effectiveness of these attacks using a fine-tuned distilled BERT model and 5,000 sample sentences from the SST-2 dataset. Our results indicate that the Word-replace attack affected the model the most, which reduces the F1-score of the model by 34%. The Word-delete attack is the least effective, but still reduces the model’s accuracy by 17%. Based on the experimental results, we discuss our insights and provide our recommendations for building robust natural language machine learning models.","PeriodicalId":211080,"journal":{"name":"2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SERA57763.2023.10197813","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Machine learning models are being increasingly relied on for many natural language processing tasks. However, these models are vulnerable to adversarial attacks, i.e., inputs designed to target models into making a wrong prediction. Among different methods of attacking a model, it is important to understand what attacks are effective, so that we can design countermeasures to protect the models. In this paper, we design and implement six adversarial attacks against natural language machine learning models. Then, we evaluate the effectiveness of these attacks using a fine-tuned distilled BERT model and 5,000 sample sentences from the SST-2 dataset. Our results indicate that the Word-replace attack affected the model the most, which reduces the F1-score of the model by 34%. The Word-delete attack is the least effective, but still reduces the model’s accuracy by 17%. Based on the experimental results, we discuss our insights and provide our recommendations for building robust natural language machine learning models.

查看原文本刊更多论文

针对自然语言机器学习模型的对抗性攻击的实验评估

许多自然语言处理任务越来越依赖机器学习模型。然而，这些模型很容易受到对抗性攻击，即设计用于目标模型做出错误预测的输入。在攻击模型的不同方法中，了解哪些攻击是有效的是很重要的，这样我们就可以设计对策来保护模型。在本文中，我们设计并实现了六种针对自然语言机器学习模型的对抗性攻击。然后，我们使用经过微调的蒸馏BERT模型和来自SST-2数据集的5000个样本句子来评估这些攻击的有效性。我们的研究结果表明，Word-replace攻击对模型的影响最大，使模型的f1分数降低了34%。单词删除攻击是最不有效的，但仍然使模型的准确率降低了17%。基于实验结果，我们讨论了我们的见解，并为构建健壮的自然语言机器学习模型提供了建议。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)

自引率

0.00%

发文量