Generating Textual Adversaries with Minimal Perturbation
- URL: http://arxiv.org/abs/2211.06571v1
- Date: Sat, 12 Nov 2022 04:46:07 GMT
- Title: Generating Textual Adversaries with Minimal Perturbation
- Authors: Xingyi Zhao, Lu Zhang, Depeng Xu, Shuhan Yuan
- Abstract summary: We develop a novel attack strategy to find adversarial texts with high similarity to the original texts.
Our approach achieves higher success rates and lower perturbation rates in four benchmark datasets.
- Score: 11.758947247743615
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Many word-level adversarial attack approaches for textual data have been
proposed in recent studies. However, due to the massive search space consisting
of combinations of candidate words, the existing approaches face the problem of
preserving the semantics of texts when crafting adversarial counterparts. In
this paper, we develop a novel attack strategy to find adversarial texts with
high similarity to the original texts while introducing minimal perturbation.
The rationale is that we expect the adversarial texts with small perturbation
can better preserve the semantic meaning of original texts. Experiments show
that, compared with state-of-the-art attack approaches, our approach achieves
higher success rates and lower perturbation rates in four benchmark datasets.
Related papers
- A Modified Word Saliency-Based Adversarial Attack on Text Classification Models [0.0]
This paper introduces a novel adversarial attack method targeting text classification models.
The Modified Word Saliency-based Adversarial Attack (MWSAA) aims to mislead classification models while preserving semantic coherence.
Empirical evaluations conducted on diverse text classification datasets demonstrate the effectiveness of the proposed method.
arXiv Detail & Related papers (2024-03-17T18:39:14Z)
- HQA-Attack: Toward High Quality Black-Box Hard-Label Adversarial Attack on Text [40.58680960214544]
Black-box hard-label adversarial attack on text is a practical and challenging task.
We propose a framework to generate high quality adversarial examples under the black-box hard-label attack scenarios, named HQA-Attack.
arXiv Detail & Related papers (2024-02-02T10:06:43Z)
- Key Information Retrieval to Classify the Unstructured Data Content of Preferential Trade Agreements [17.14791553124506]
We introduce a novel approach to long-text classification and prediction.
We employ embedding techniques to condense the long texts, aiming to diminish the redundancy therein.
Experimental outcomes indicate that our method realizes considerable performance enhancements in classifying long texts of Preferential Trade Agreements.
arXiv Detail & Related papers (2024-01-23T06:30:05Z)
- How Well Do Text Embedding Models Understand Syntax? [50.440590035493074]
The ability of text embedding models to generalize across a wide range of syntactic contexts remains under-explored.
Our findings reveal that existing text embedding models have not sufficiently addressed these syntactic understanding challenges.
We propose strategies to augment the generalization ability of text embedding models in diverse syntactic scenarios.
arXiv Detail & Related papers (2023-11-14T08:51:00Z)
- Phrase-level Textual Adversarial Attack with Label Preservation [34.42846737465045]
We propose Phrase-Level Textual Adversarial aTtack (PLAT) that generates adversarial samples through phrase-level perturbations.
PLAT has a superior attack effectiveness as well as a better label consistency than strong baselines.
arXiv Detail & Related papers (2022-05-22T02:22:38Z)
- Block-Sparse Adversarial Attack to Fool Transformer-Based Text Classifiers [49.50163349643615]
In this paper, we propose a gradient-based adversarial attack against transformer-based text classifiers.
Experimental results demonstrate that, while our adversarial attack maintains the semantics of the sentence, it can reduce the accuracy of GPT-2 to less than 5%.
arXiv Detail & Related papers (2022-03-11T14:37:41Z)
- Learning-based Hybrid Local Search for the Hard-label Textual Attack [53.92227690452377]
We consider a rarely investigated but more rigorous setting, namely hard-label attack, in which the attacker could only access the prediction label.
Based on this observation, we propose a novel hard-label attack, called Learning-based Hybrid Local Search (LHLS) algorithm.
Our LHLS significantly outperforms existing hard-label attacks regarding the attack performance as well as adversary quality.
arXiv Detail & Related papers (2022-01-20T14:16:07Z)
- Semantic-Preserving Adversarial Text Attacks [85.32186121859321]
We propose a Bigram and Unigram based adaptive Semantic Preservation Optimization (BU-SPO) method to examine the vulnerability of deep models.
Our method achieves the highest attack success rates and semantics rates by changing the smallest number of words compared with existing methods.
arXiv Detail & Related papers (2021-08-23T09:05:18Z)
- MOST: A Multi-Oriented Scene Text Detector with Localization Refinement [67.35280008722255]
We propose a new algorithm for scene text detection, which puts forward a set of strategies to significantly improve the quality of text localization.
Specifically, a Text Feature Alignment Module (TFAM) is proposed to dynamically adjust the receptive fields of features.
A Position-Aware Non-Maximum Suppression (PA-NMS) module is devised to exclude unreliable ones.
arXiv Detail & Related papers (2021-04-02T14:34:41Z)
- Towards Robust Speech-to-Text Adversarial Attack [78.5097679815944]
This paper introduces a novel adversarial algorithm for attacking the state-of-the-art speech-to-text systems, namely DeepSpeech, Kaldi, and Lingvo.
Our approach is based on developing an extension for the conventional distortion condition of the adversarial optimization formulation.
Minimizing over this metric, which measures the discrepancies between original and adversarial samples' distributions, contributes to crafting signals very close to the subspace of legitimate speech recordings.
arXiv Detail & Related papers (2021-03-15T01:51:41Z)
- Generating Natural Language Attacks in a Hard Label Black Box Setting [3.52359746858894]
We study an important and challenging task of attacking natural language processing models in a hard label black box setting.
We propose a decision-based attack strategy that crafts high quality adversarial examples on text classification and entailment tasks.
arXiv Detail & Related papers (2020-12-29T22:01:38Z)
This list is automatically generated from the titles and abstracts of the papers in this site.