MINIMAL: Mining Models for Universal Adversarial Triggers

Kumar, Yaman; Parekh, Swapnil; Singh, Somesh; Chen, Changyou; Krishnamurthy, Balaji; Shah, Rajiv Ratn

doi:10.1609/aaai.v36i10.21384

Cited by 2 publications

(1 citation statement)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Further, we show the performance of transfer attacks across prompts and find that ≈ 80% of them transfer, thus showing that the adversaries are easily domain adaptable and transfer well across prompts 11 . We choose to use universal adversarial triggers for this task since they are input-agnostic, consist of a small number of tokens, and since they do not require the model's white box access for every essay sample (Singla et al, 2022b), they have the potential of being used as "cheat-codes" where a code once extracted can be used by every test-taker. Our results show that the triggers are highly effective.…”

Section: Aes Oversensitivitymentioning

confidence: 99%

Automatic Essay Scoring Systems Are Both Overstable And Oversensitive: Explaining Why And Proposing Defenses

Kumar

Parekh

Singh

et al. 2023

dad

View full text Add to dashboard Cite

Deep-learning based Automatic Essay Scoring (AES) systems are being actively used in various high-stake applications in education and testing. However, little research has been put to understand and interpret the black-box nature of deep-learning-based scoring algorithms. While previous studies indicate that scoring models can be easily fooled, in this paper, we explore the reason behind their surprising adversarial brittleness. We utilize recent advances in interpretability to find the extent to which features such as coherence, content, vocabulary, and relevance are important for automated scoring mechanisms. We use this to investigate the oversensitivity (i.e., large change in output score with a little change in input essay content) and overstability (i.e., little change in output scores with large changes in input essay content) of AES. Our results indicate that autoscoring models, despite getting trained as “end-to-end” models with rich contextual embeddings such as BERT, behave like bag-of-words models. A few words determine the essay score without the requirement of any context making the model largely overstable. This is in stark contrast to recent probing studies on pre-trained representation learning models, which show that rich linguistic features such as parts-of-speech and morphology are encoded by them. Further, we also find that the models have learnt dataset biases, making them oversensitive. The presence of a few words with high co-occurrence with a certain score class makes the model associate the essay sample with that score. This causes score changes in ∼95% of samples with an addition of only a few words. To deal with these issues, we propose detection-based protection models that can detect oversensitivity and samples causing overstability with high accuracies. We find that our proposed models are able to detect unusual attribution patterns and flag adversarial samples successfully.

show abstract

Section: Aes Oversensitivitymentioning

confidence: 99%