摘 要:生成质量良好的文本对抗样本对研究模型的鲁棒性有着重要意义。现有的单词级的攻击方法搜索到的替换词往往不够有效,对抗样本的质量也就难以达到理想水平。因此在现有的单词替换的方法下,利用知网(CNKI)搜索更高质量的替换词,产生更佳的扰动。实验结果表明,该方法提高了样本的攻击成功率,更贴近原始输入样本。
关键词:文本对抗样本;自然语言处理;知网;对抗攻击
DOI:10.19850/j.cnki.2096-4706.2022.10.027
中图分类号:TP301.6 文献标识码:A 文章编号:2096-4706(2022)10-0108-04
Text Adversarial Sample Attacks Based on Word Replacement
ZHANG Ying
(School of Computer Science and Engineering, Anhui University of Science and Technology, Huainan 232001, China)
Abstract: Generating good-quality text adversarial examples is of great significance to study the robustness of the model. The replacement words searched by the existing word-level attack methods are often not effective enough, and the quality of the adversarial samples cannot reach the ideal level. Therefore, under the existing method of word replacement, CNKI is used to search for higher-quality replacement words to generate better perturbations. The experimental results show that this method improves the attack success rate of the samples and is closer to the original input samples.
Keywords: text adversarial sample; natural language processing; CNKI; adversarial attack
参考文献:
[1] 罗枭 . 基于深度学习的自然语言处理研究综述 [J]. 智能计算机与应用,2020,10(4):133-137.
[2] 刘海燕,吕涵 . 对抗样本生成及防御方法综述 [J]. 现代信息科技,2021,5(22):82-85.
[3] GAO J,LANCHANTIN J,SOFFA M L,et al. Black-Box Generation of Adversarial Text Sequences to Evade Deep Learning Classifiers [C]//2018 IEEE Security and Privacy Workshops (SPW). IEEE,2018:50-56.
[4] IYYER M,WIETING J,GIMPEL K,e t al . Adversarial Example Generation with Syntactically Controlled Paraphrase Networks [C]//Proceedings of the 2018 Conference of the North American Chapter of the Association for Computational Linguistics:Human Language Technologies, Volume 1 (Long Papers). New Orleans:NAACL,2018:1875-1885.
[5] REN S,DENG Y,HE K,et al. Generating Natural Language Adversarial Examples through Probability Weighted Word Saliency [C]//Proceedings of the 57th Annual Meeting of the Association for Computational Linguistics.ACL,2019:1085-1097.
[6] JIN D,JIN Z,ZHOU J T,et al. Is BERT Really Robust? A Strong Baseline for Natural Language Attack on Text Classification and Entailment [C]//Proceedings of the AAAI Conference on Artificial Intelligence. 2020:8018-8025.
[7] DONG Z,DONG Q. Hownet and the Computation of Meaning [M].USA:World Scientific Publishing Co.,Inc., 2006.
[8] ZHENG X,ZENG J,ZHOU Y,et al. Evaluating and enhancing the robustness of neural network-based dependency parsing models with adversarial examples [C]// Proceedings of the 58th Annual Meeting of the Association for Computational Linguistics. ACL,2020:6600-6610.
作者简介:张影(1996—),女,汉族,安徽阜阳人,硕士研究生在读,研究方向:网络与信息安全。