Generating Natural Language Adversarial Examples

Alzantot, Moustafa; Sharma, Yash; Elgohary, Ahmed; Ho, Bo-Jhang; Srivastava, Mani; Chang, Kai-Wei

doi:10.48550/arxiv.1804.07998

Cited by 107 publications

(182 citation statements)

References 10 publications

Supporting

Mentioning

174

Contrasting

Order By: Relevance

“…Numerous research studies have extensively studied the role of adversarial attacks in developing robust NLP models [35], [39], [54], [58]. For example, Cheng et al [54] study crafting AEs for seq2seq models whose inputs are discrete text strings.…”

Section: Breaching Security By Improving Attacksmentioning

confidence: 99%

“…On the other hand, a black-box attack is a type of adversarial attack where an adversary does not have access to the model's internal structure nor parameters. This attack technique has been used in numerous research works [12], [39], [53], [83]- [89].…”

Section: Breaching Security By Improving Attacksmentioning

confidence: 99%

“…Alzantot et al [39] proposed a population-based optimization algorithm to generate semantically and syntactically similar AEs that can fool SA and textual entailment models with high accuracy. Moreover, they demonstrate that more than 90% of the successful SA AEs are classified to their original label by 20 human annotators, and that the examples are perceptibly quite similar.…”

Section: Breaching Security By Improving Attacksmentioning

confidence: 99%

“…As a metric, the attack success rate has been utilized in numerous research studies to determine the effectiveness of adversarial attacks on NLP models [12], [15], [39], [115], [116]. For instance, Alzantot et al [39] measured the effectiveness of their genetic algorithm-based adversarial attacks using the attack success rate as a metric which eventually indicates NLP model robustness to adversarial examples.…”

Section: A Attack Success Ratementioning

confidence: 99%

See 3 more Smart Citations

Robust Natural Language Processing: Recent Advances, Challenges, and Future Directions

Omar¹,

Choi²,

Nyang³

et al. 2022

Preprint

View full text Add to dashboard Cite

Recent natural language processing (NLP) techniques have accomplished high performance on benchmark datasets, primarily due to the significant improvement in the performance of deep learning. The advances in the research community have led to great enhancements in state-of-the-art production systems for NLP tasks, such as virtual assistants, speech recognition, and sentiment analysis. However, such NLP systems still often fail when tested with adversarial attacks. The initial lack of robustness exposed troubling gaps in current models' language understanding capabilities, creating problems when NLP systems are deployed in real life. In this paper, we present a structured overview of NLP robustness research by summarizing the literature in a systemic way across various dimensions. We then take a deep-dive into the various dimensions of robustness, across techniques, metrics, embeddings, and benchmarks. Finally, we argue that robustness should be multi-dimensional, provide insights into current research, identify gaps in the literature to suggest directions worth pursuing to address these gaps.

show abstract

Section: Breaching Security By Improving Attacksmentioning

confidence: 99%

Section: Breaching Security By Improving Attacksmentioning

confidence: 99%

Section: Breaching Security By Improving Attacksmentioning

confidence: 99%

Section: A Attack Success Ratementioning

confidence: 99%

See 2 more Smart Citations

Robust Natural Language Processing: Recent Advances, Challenges, and Future Directions

Omar¹,

Choi²,

Nyang³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Prior work has shown that neural networks are vulnerable to various types of (adversarial) perturbations, such as small l-norm bounded perturbations [39], geometric transformations [13,22], and word substitutions [2]. Such perturbations can often cause a misclassification for any given input, which may have serious consequences, especially in safety critical systems.…”

Section: Introductionmentioning

confidence: 99%

LinSyn: Synthesizing Tight Linear Bounds for Arbitrary Neural Network Activation Functions

Paulsen¹,

Wang²

2022

Preprint

View full text Add to dashboard Cite

The most scalable approaches to certifying neural network robustness depend on computing sound linear lower and upper bounds for the network's activation functions. Current approaches are limited in that the linear bounds must be handcrafted by an expert, and can be sub-optimal, especially when the network's architecture composes operations using, for example, multiplication such as in LSTMs and the recently popular Swish activation. The dependence on an expert prevents the application of robustness certification to developments in the state-of-the-art of activation functions, and furthermore the lack of tightness guarantees may give a false sense of insecurity about a particular model. To the best of our knowledge, we are the first to consider the problem of automatically synthesizing tight linear bounds for arbitrary n-dimensional activation functions. We propose the first fully automated method that achieves tight linear bounds while only leveraging the mathematical definition of the activation function itself. Our method leverages an efficient heuristic technique to synthesize bounds that are tight and usually sound, and then verifies the soundness (and adjusts the bounds if necessary) using the highly optimized branch-and-bound SMT solver, dReal. Even though our method depends on an SMT solver, we show that the runtime is reasonable in practice, and, compared with state of the art, our method often achieves 2-5X tighter final output bounds and more than quadruple certified robustness.

show abstract

Multi‐aspects AI‐based modeling and adversarial learning for cybersecurity intelligence and robustness: A comprehensive overview

Sarker

2023

Security and Privacy

View full text Add to dashboard Cite

Due to the rising dependency on digital technology, cybersecurity has emerged as a more prominent field of research and application that typically focuses on securing devices, networks, systems, data and other resources from various cyber-attacks, threats, risks, damages, or unauthorized access. Artificial Intelligence (AI), also referred to as a crucial technology of the current Fourth Industrial Revolution (Industry 4.0 or 4IR), could be the key to intelligently dealing with these cyber issues. Various forms of AI methodologies, such as analytical, functional, interactive, textual as well as visual AI can be employed to get the desired cyber solutions according to their computational capabilities. However, the dynamic nature and complexity of real-world situations and data gathered from various cyber sources make it challenging nowadays to build an effective AI-based security model. Moreover, defending robustly against adversarial attacks is still an open question in the area. In this paper, we provide a comprehensive view on "Cybersecurity Intelligence and Robustness", emphasizing multi-aspects AI-based modeling and adversarial learning that could lead to addressing diverse issues in various cyber applications areas such as detecting malware or intrusions, zero-day attacks, phishing, data breach, cyberbullying and other cybercrimes. Thus the eventual security modeling process could be automated, intelligent, and robust compared to traditional security systems. We also emphasize and draw attention to the future aspects of cybersecurity intelligence and robustness along with the research direction within the context of our study. Overall, our goal is not only to explore AI-based modeling and pertinent methodologies but also to focus on the resulting model's applicability for securing our digital systems and society.

show abstract

Generating Natural Language Adversarial Examples

Cited by 107 publications

References 10 publications

Robust Natural Language Processing: Recent Advances, Challenges, and Future Directions

Robust Natural Language Processing: Recent Advances, Challenges, and Future Directions

LinSyn: Synthesizing Tight Linear Bounds for Arbitrary Neural Network Activation Functions

Multi‐aspects AI‐based modeling and adversarial learning for cybersecurity intelligence and robustness: A comprehensive overview

Contact Info

Product

Resources

About