Visual Attack and Defense on Text
- URL: http://arxiv.org/abs/2008.10356v1
- Date: Fri, 7 Aug 2020 15:44:58 GMT
- Title: Visual Attack and Defense on Text
- Authors: Shengjun Liu, Ningkang Jiang, Yuanbin Wu
- Abstract summary: Modifying characters of a piece of text to visually similar ones often appears in spam in order to fool inspection systems and other conditions.
We apply a vision-based model and adversarial training to defend against the attack without losing the ability to understand normal text.
- Score: 18.513619521807286
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Modifying characters of a piece of text to visually similar ones often
appears in spam in order to fool inspection systems and other conditions, which
we regard as a kind of adversarial attack on neural models. We propose a way
of generating such visual text attacks and show that the attacked text is
readable by humans but greatly misleads a neural classifier. We apply a
vision-based model and adversarial training to defend against the attack without
losing the ability to understand normal text. Our results also show that visual
attacks are extremely sophisticated and diverse; more work needs to be done to
solve this.
Related papers
- Vision-fused Attack: Advancing Aggressive and Stealthy Adversarial Text against Neural Machine Translation [24.237246648082085]
This paper proposes a novel vision-fused attack (VFA) framework to acquire powerful adversarial text.
For human imperceptibility, we propose the perception-retained adversarial text selection strategy to align the human text-reading mechanism.
arXiv Detail & Related papers (2024-09-08T08:22:17Z)
- Vision-LLMs Can Fool Themselves with Self-Generated Typographic Attacks [62.34019142949628]
Typographic Attacks, which involve pasting misleading text onto an image, were noted to harm the performance of Vision-Language Models like CLIP.
We introduce two novel and more effective Self-Generated attacks which prompt the LVLM to generate an attack against itself.
Using our benchmark, we uncover that Self-Generated attacks pose a significant threat, reducing LVLM(s) classification performance by up to 33%.
arXiv Detail & Related papers (2024-02-01T14:41:20Z)
- Large Language Models Are Better Adversaries: Exploring Generative Clean-Label Backdoor Attacks Against Text Classifiers [25.94356063000699]
Backdoor attacks manipulate model predictions by inserting innocuous triggers into training and test data.
We focus on more realistic and more challenging clean-label attacks where the adversarial training examples are correctly labeled.
Our attack, LLMBkd, leverages language models to automatically insert diverse style-based triggers into texts.
arXiv Detail & Related papers (2023-10-28T06:11:07Z)
- When Vision Fails: Text Attacks Against ViT and OCR [25.132777620934768]
We show that text-based machine learning models are still vulnerable to visual adversarial examples encoded as text.
We show how a genetic algorithm can be used to generate visual adversarial examples in a black-box setting.
We demonstrate the effectiveness of these attacks in the real world by creating adversarial examples against production models published by Facebook, Microsoft, IBM, and Google.
arXiv Detail & Related papers (2023-06-12T11:26:08Z)
- Adversarial Text Normalization [2.9434930072968584]
Adversarial Text Normalizer restores baseline performance on attacked content with low computational overhead.
We find that text normalization provides a task-agnostic defense against character-level attacks.
arXiv Detail & Related papers (2022-06-08T19:44:03Z)
- Putting words into the system's mouth: A targeted attack on neural machine translation using monolingual data poisoning [50.67997309717586]
We propose a poisoning attack in which a malicious adversary inserts a small poisoned sample of monolingual text into the training set of a system trained using back-translation.
This sample is designed to induce a specific, targeted translation behaviour, such as peddling misinformation.
We present two methods for crafting poisoned examples, and show that only a tiny handful of instances, amounting to only 0.02% of the training set, is sufficient to enact a successful attack.
arXiv Detail & Related papers (2021-07-12T08:07:09Z)
- Attack to Fool and Explain Deep Networks [59.97135687719244]
We counter-argue by providing evidence of human-meaningful patterns in adversarial perturbations.
Our major contribution is a novel pragmatic adversarial attack that is subsequently transformed into a tool to interpret the visual models.
arXiv Detail & Related papers (2021-06-20T03:07:36Z)
- Learning to Attack: Towards Textual Adversarial Attacking in Real-world Situations [81.82518920087175]
Adversarial attacking aims to fool deep neural networks with adversarial examples.
We propose a reinforcement learning based attack model, which can learn from attack history and launch attacks more efficiently.
arXiv Detail & Related papers (2020-09-19T09:12:24Z)
- Online Alternate Generator against Adversarial Attacks [144.45529828523408]
Deep learning models are notoriously sensitive to adversarial examples which are synthesized by adding quasi-perceptible noises on real images.
We propose a portable defense method, online alternate generator, which does not need to access or modify the parameters of the target networks.
The proposed method works by online synthesizing another image from scratch for an input image, instead of removing or destroying adversarial noises.
arXiv Detail & Related papers (2020-09-17T07:11:16Z)
- Defense of Word-level Adversarial Attacks via Random Substitution Encoding [0.5964792400314836]
Adversarial attacks against deep neural networks on computer vision tasks have spawned many new technologies that help protect models from avoiding false predictions.
Recently, word-level adversarial attacks on deep models of Natural Language Processing (NLP) tasks have also demonstrated strong power, e.g., fooling a sentiment classification neural network to make wrong decisions.
We propose a novel framework called Random Substitution RSE, which introduces a random substitution into the training process of original neural networks.
arXiv Detail & Related papers (2020-05-01T15:28:43Z)
- Adversarial Attacks and Defenses: An Interpretation Perspective [80.23908920686625]
We review recent work on adversarial attacks and defenses, particularly from the perspective of machine learning interpretation.
The goal of model interpretation, or interpretable machine learning, is to extract human-understandable terms for the working mechanism of models.
For each type of interpretation, we elaborate on how it could be used for adversarial attacks and defenses.
arXiv Detail & Related papers (2020-04-23T23:19:00Z)
This list is automatically generated from the titles and abstracts of the papers in this site.