WordIllusion: An adversarial text generation algorithm based on human cognitive system

IF 2.1 3区心理学 Q3 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Cognitive Systems Research Pub Date : 2023-10-30 DOI:10.1016/j.cogsys.2023.101179

Haoran Fu , Chundong Wang , Jiaqi Sun , Yumeng Zhao , Hao Lin , Junqing Sun , Baixue Zhang

{"title":"WordIllusion: An adversarial text generation algorithm based on human cognitive system","authors":"Haoran Fu , Chundong Wang , Jiaqi Sun , Yumeng Zhao , Hao Lin , Junqing Sun , Baixue Zhang","doi":"10.1016/j.cogsys.2023.101179","DOIUrl":null,"url":null,"abstract":"<div><p>Although natural language processing technology has shown strong performance in many tasks, it is very vulnerable to adversarial examples, i.e., sentences with some small perturbations can fool AI models. Current adversarial texts for English are usually generated by finding substitute words in adjacent spaces of keyword vectors. Unlike English, Chinese is more discrete and has a more complex font structure, which words that are closer in vector spaces may differ greatly in physical structure. Therefore, adversarial examples generated by current methods possess lower quality and can be easily perceived by human, or rather, they are not suitable for the human cognitive system. In this paper, we propose the “WordIllusion”, a new detectable black-box algorithm used for generating Chinese adversarial texts. In this method, we create a CKSF evaluation indicator to select the key words of sentences. And then, based on the shape bias of human cognitive system and the rectification understanding to create replacement spaces of key words. To verify the effectiveness of WordIllusion, we experiment with two types of text classification tasks by using six natural language processing models. The result indicates that our method is able to improve the accuracy rate efficiently, and the generated adversarial texts can be very misleading.</p></div>","PeriodicalId":55242,"journal":{"name":"Cognitive Systems Research","volume":"83 ","pages":"Article 101179"},"PeriodicalIF":2.1000,"publicationDate":"2023-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cognitive Systems Research","FirstCategoryId":"102","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389041723001134","RegionNum":3,"RegionCategory":"心理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Although natural language processing technology has shown strong performance in many tasks, it is very vulnerable to adversarial examples, i.e., sentences with some small perturbations can fool AI models. Current adversarial texts for English are usually generated by finding substitute words in adjacent spaces of keyword vectors. Unlike English, Chinese is more discrete and has a more complex font structure, which words that are closer in vector spaces may differ greatly in physical structure. Therefore, adversarial examples generated by current methods possess lower quality and can be easily perceived by human, or rather, they are not suitable for the human cognitive system. In this paper, we propose the “WordIllusion”, a new detectable black-box algorithm used for generating Chinese adversarial texts. In this method, we create a CKSF evaluation indicator to select the key words of sentences. And then, based on the shape bias of human cognitive system and the rectification understanding to create replacement spaces of key words. To verify the effectiveness of WordIllusion, we experiment with two types of text classification tasks by using six natural language processing models. The result indicates that our method is able to improve the accuracy rate efficiently, and the generated adversarial texts can be very misleading.

查看原文本刊更多论文

WordIllusion:基于人类认知系统的对抗性文本生成算法

尽管自然语言处理技术在许多任务中显示出强大的性能，但它非常容易受到对抗性示例的影响，即带有一些小扰动的句子可以欺骗AI模型。当前的英语对抗性文本通常是通过在关键词向量的相邻空间中寻找替代词来生成的。与英语不同，汉语的字体结构更加离散，更加复杂，在向量空间上距离较近的单词在物理结构上可能会有很大的差异。因此，现有方法生成的对抗样例质量较低，容易被人类感知，或者说不适合人类的认知系统。在本文中，我们提出了“WordIllusion”，一种新的可检测黑盒算法，用于生成中文对抗性文本。在该方法中，我们创建了一个CKSF评价指标来选择句子的关键词。然后，基于人类认知系统的形状偏差和矫正理解，创造关键词的替代空间。为了验证WordIllusion的有效性，我们使用六种自然语言处理模型对两种类型的文本分类任务进行了实验。结果表明，我们的方法能够有效地提高准确率，并且生成的对抗文本可能具有很大的误导性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Cognitive Systems Research 工程技术-计算机：人工智能

CiteScore

9.40

自引率

5.10%

发文量

审稿时长

>12 weeks

期刊介绍： Cognitive Systems Research is dedicated to the study of human-level cognition. As such, it welcomes papers which advance the understanding, design and applications of cognitive and intelligent systems, both natural and artificial. The journal brings together a broad community studying cognition in its many facets in vivo and in silico, across the developmental spectrum, focusing on individual capacities or on entire architectures. It aims to foster debate and integrate ideas, concepts, constructs, theories, models and techniques from across different disciplines and different perspectives on human-level cognition. The scope of interest includes the study of cognitive capacities and architectures - both brain-inspired and non-brain-inspired - and the application of cognitive systems to real-world problems as far as it offers insights relevant for the understanding of cognition. Cognitive Systems Research therefore welcomes mature and cutting-edge research approaching cognition from a systems-oriented perspective, both theoretical and empirically-informed, in the form of original manuscripts, short communications, opinion articles, systematic reviews, and topical survey articles from the fields of Cognitive Science (including Philosophy of Cognitive Science), Artificial Intelligence/Computer Science, Cognitive Robotics, Developmental Science, Psychology, and Neuroscience and Neuromorphic Engineering. Empirical studies will be considered if they are supplemented by theoretical analyses and contributions to theory development and/or computational modelling studies.