GenFighter: A Generative and Evolutive Textual Attack Removal

• URL: http://arxiv.org/abs/2404.11538v1
• Date: Wed, 17 Apr 2024 16:32:13 GMT
• Title: GenFighter: A Generative and Evolutive Textual Attack Removal
• Authors: Md Athikul Islam, Edoardo Serra, Sushil Jajodia,
• Abstract summary: Adrial attacks pose significant challenges to deep neural networks (DNNs) such as Transformer models in natural language processing (NLP) This paper introduces a novel defense strategy, called GenFighter, which enhances adversarial robustness by learning and reasoning on the training classification distribution. We show that GenFighter outperforms state-of-the-art defenses in accuracy under attack and attack success rate metrics.
• Score: 6.044610337297754
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Adversarial attacks pose significant challenges to deep neural networks (DNNs) such as Transformer models in natural language processing (NLP). This paper introduces a novel defense strategy, called GenFighter, which enhances adversarial robustness by learning and reasoning on the training classification distribution. GenFighter identifies potentially malicious instances deviating from the distribution, transforms them into semantically equivalent instances aligned with the training data, and employs ensemble techniques for a unified and robust response. By conducting extensive experiments, we show that GenFighter outperforms state-of-the-art defenses in accuracy under attack and attack success rate metrics. Additionally, it requires a high number of queries per attack, making the attack more challenging in real scenarios. The ablation study shows that our approach integrates transfer learning, a generative/evolutive procedure, and an ensemble method, providing an effective defense against NLP adversarial attacks.

Related papers

• Meta Invariance Defense Towards Generalizable Robustness to Unknown Adversarial Attacks [62.036798488144306]
  Current defense mainly focuses on the known attacks, but the adversarial robustness to the unknown attacks is seriously overlooked. We propose an attack-agnostic defense method named Meta Invariance Defense (MID) We show that MID simultaneously achieves robustness to the imperceptible adversarial perturbations in high-level image classification and attack-suppression in low-level robust image regeneration.
  arXiv  Detail & Related papers  (2024-04-04T10:10:38Z)
• MPAT: Building Robust Deep Neural Networks against Textual Adversarial Attacks [4.208423642716679]
  We propose a malicious perturbation based adversarial training method (MPAT) for building robust deep neural networks against adversarial attacks. Specifically, we construct a multi-level malicious example generation strategy to generate adversarial examples with malicious perturbations. We employ a novel training objective function to ensure achieving the defense goal without compromising the performance on the original task.
  arXiv  Detail & Related papers  (2024-02-29T01:49:18Z)
• Improving behavior based authentication against adversarial attack using XAI [3.340314613771868]
  We propose an eXplainable AI (XAI) based defense strategy against adversarial attacks in such scenarios. A feature selector, trained with our method, can be used as a filter in front of the original authenticator. We demonstrate that our XAI based defense strategy is effective against adversarial attacks and outperforms other defense strategies.
  arXiv  Detail & Related papers  (2024-02-26T09:29:05Z)
• Language Guided Adversarial Purification [3.9931474959554496]
  Adversarial purification using generative models demonstrates strong adversarial defense performance. New framework, Language Guided Adversarial Purification (LGAP), utilizing pre-trained diffusion models and caption generators.
  arXiv  Detail & Related papers  (2023-09-19T06:17:18Z)
• Can Adversarial Examples Be Parsed to Reveal Victim Model Information? [62.814751479749695]
  In this work, we ask whether it is possible to infer data-agnostic victim model (VM) information from data-specific adversarial instances. We collect a dataset of adversarial attacks across 7 attack types generated from 135 victim models. We show that a simple, supervised model parsing network (MPN) is able to infer VM attributes from unseen adversarial attacks.
  arXiv  Detail & Related papers  (2023-03-13T21:21:49Z)
• Learning to Learn Transferable Attack [77.67399621530052]
  Transfer adversarial attack is a non-trivial black-box adversarial attack that aims to craft adversarial perturbations on the surrogate model and then apply such perturbations to the victim model. We propose a Learning to Learn Transferable Attack (LLTA) method, which makes the adversarial perturbations more generalized via learning from both data and model augmentation. Empirical results on the widely-used dataset demonstrate the effectiveness of our attack method with a 12.85% higher success rate of transfer attack compared with the state-of-the-art methods.
  arXiv  Detail & Related papers  (2021-12-10T07:24:21Z)
• Model-Agnostic Meta-Attack: Towards Reliable Evaluation of Adversarial Robustness [53.094682754683255]
  We propose a Model-Agnostic Meta-Attack (MAMA) approach to discover stronger attack algorithms automatically. Our method learns the in adversarial attacks parameterized by a recurrent neural network. We develop a model-agnostic training algorithm to improve the ability of the learned when attacking unseen defenses.
  arXiv  Detail & Related papers  (2021-10-13T13:54:24Z)
• Adaptive Feature Alignment for Adversarial Training [56.17654691470554]
  CNNs are typically vulnerable to adversarial attacks, which pose a threat to security-sensitive applications. We propose the adaptive feature alignment (AFA) to generate features of arbitrary attacking strengths. Our method is trained to automatically align features of arbitrary attacking strength.
  arXiv  Detail & Related papers  (2021-05-31T17:01:05Z)
• Robust Federated Learning with Attack-Adaptive Aggregation [45.60981228410952]
  Federated learning is vulnerable to various attacks, such as model poisoning and backdoor attacks. We propose an attack-adaptive aggregation strategy to defend against various attacks for robust learning.
  arXiv  Detail & Related papers  (2021-02-10T04:23:23Z)
• Progressive Defense Against Adversarial Attacks for Deep Learning as a Service in Internet of Things [9.753864027359521]
  Some Deep Neural Networks (DNN) can be easily misled by adding relatively small but adversarial perturbations to the input. We present a defense strategy called a progressive defense against adversarial attacks (PDAAA) for efficiently and effectively filtering out the adversarial pixel mutations. The result shows it outperforms the state-of-the-art while reducing the cost of model training by 50% on average.
  arXiv  Detail & Related papers  (2020-10-15T06:40:53Z)
• Learning to Attack: Towards Textual Adversarial Attacking in Real-world Situations [81.82518920087175]
  Adversarial attacking aims to fool deep neural networks with adversarial examples. We propose a reinforcement learning based attack model, which can learn from attack history and launch attacks more efficiently.
  arXiv  Detail & Related papers  (2020-09-19T09:12:24Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.