一种有效的词级文本对抗性攻击方法

Zhixin Shi, Yuru Ma, Xiaoyan Yu
{"title":"一种有效的词级文本对抗性攻击方法","authors":"Zhixin Shi, Yuru Ma, Xiaoyan Yu","doi":"10.1109/ISCC53001.2021.9631472","DOIUrl":null,"url":null,"abstract":"Adversarial examples are used to reveal the vulnerability of deep neural networks (DNNs) and improve their robustness. The word-level attack is a well-studied class of textual adversarial attack methods. However, existing word-level attacks have unstable success rates in different application scenarios. And the attacks under black-box setting suffer from low efficiency because they need to query the target DNN model with a great quantity. In this paper, we present SynonymPSO, a word-level attack method for generating adversarial texts. Specifically, we use a variety of means to find and filter synonyms to construct a comprehensive candidate pool. Besides, we design a kind of modification record strategy to improve the efficiency of the particle swarm optimization algorithm. Compared with prior works, SynonymPSO has the following features: (1) effective - it outperforms the state-of-art attacks in terms of attack success rate on most occasions; (2) efficient - it generates adversarial examples with fewer queries and less time. We evaluate SynonymPSO on five datasets that belong to different text classification tasks, including sentiment analysis, natural language inference and spam detection. The experimental results demonstrate its effectiveness and efficiency. For instance, when attacking BiLSTM over Enron dataset, the attack success rate of our method is 20% higher than the baseline while the query number is reduced by 94%.","PeriodicalId":270786,"journal":{"name":"2021 IEEE Symposium on Computers and Communications (ISCC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"An Effective and Efficient Method for Word-Level Textual Adversarial Attack\",\"authors\":\"Zhixin Shi, Yuru Ma, Xiaoyan Yu\",\"doi\":\"10.1109/ISCC53001.2021.9631472\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Adversarial examples are used to reveal the vulnerability of deep neural networks (DNNs) and improve their robustness. The word-level attack is a well-studied class of textual adversarial attack methods. However, existing word-level attacks have unstable success rates in different application scenarios. And the attacks under black-box setting suffer from low efficiency because they need to query the target DNN model with a great quantity. In this paper, we present SynonymPSO, a word-level attack method for generating adversarial texts. Specifically, we use a variety of means to find and filter synonyms to construct a comprehensive candidate pool. Besides, we design a kind of modification record strategy to improve the efficiency of the particle swarm optimization algorithm. Compared with prior works, SynonymPSO has the following features: (1) effective - it outperforms the state-of-art attacks in terms of attack success rate on most occasions; (2) efficient - it generates adversarial examples with fewer queries and less time. We evaluate SynonymPSO on five datasets that belong to different text classification tasks, including sentiment analysis, natural language inference and spam detection. The experimental results demonstrate its effectiveness and efficiency. For instance, when attacking BiLSTM over Enron dataset, the attack success rate of our method is 20% higher than the baseline while the query number is reduced by 94%.\",\"PeriodicalId\":270786,\"journal\":{\"name\":\"2021 IEEE Symposium on Computers and Communications (ISCC)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-09-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE Symposium on Computers and Communications (ISCC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISCC53001.2021.9631472\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE Symposium on Computers and Communications (ISCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCC53001.2021.9631472","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

摘要

使用对抗性示例来揭示深度神经网络(dnn)的脆弱性并提高其鲁棒性。词级攻击是一类被广泛研究的文本对抗性攻击方法。但是,现有的字级攻击在不同的应用场景下成功率不稳定。而黑盒设置下的攻击由于需要大量查询目标DNN模型,效率较低。在本文中,我们提出了一种用于生成对抗性文本的词级攻击方法SynonymPSO。具体来说,我们使用各种方法来查找和过滤同义词,以构建一个全面的候选库。此外,为了提高粒子群优化算法的效率,设计了一种修改记录策略。与以往的研究成果相比,该算法具有以下特点:(1)有效——在大多数情况下,它的攻击成功率都超过了目前最先进的攻击方法;(2)高效——它以更少的查询和更少的时间生成对抗性示例。我们在五个数据集上评估了同义词mpso,这些数据集属于不同的文本分类任务,包括情感分析、自然语言推理和垃圾邮件检测。实验结果证明了该方法的有效性和高效性。例如,在安然数据集上攻击BiLSTM时,我们的方法的攻击成功率比基线高20%,而查询数减少了94%。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
An Effective and Efficient Method for Word-Level Textual Adversarial Attack
Adversarial examples are used to reveal the vulnerability of deep neural networks (DNNs) and improve their robustness. The word-level attack is a well-studied class of textual adversarial attack methods. However, existing word-level attacks have unstable success rates in different application scenarios. And the attacks under black-box setting suffer from low efficiency because they need to query the target DNN model with a great quantity. In this paper, we present SynonymPSO, a word-level attack method for generating adversarial texts. Specifically, we use a variety of means to find and filter synonyms to construct a comprehensive candidate pool. Besides, we design a kind of modification record strategy to improve the efficiency of the particle swarm optimization algorithm. Compared with prior works, SynonymPSO has the following features: (1) effective - it outperforms the state-of-art attacks in terms of attack success rate on most occasions; (2) efficient - it generates adversarial examples with fewer queries and less time. We evaluate SynonymPSO on five datasets that belong to different text classification tasks, including sentiment analysis, natural language inference and spam detection. The experimental results demonstrate its effectiveness and efficiency. For instance, when attacking BiLSTM over Enron dataset, the attack success rate of our method is 20% higher than the baseline while the query number is reduced by 94%.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信