
Research On Adversarial Sample Generation And Defense Methods For Text Classification

Posted on: 2022-07-13
Degree: Master
Type: Thesis
Country: China
Candidate: G Ma
Full Text: PDF
GTID: 2518306338973969
Subject: Computer Science and Technology
Abstract/Summary:
With the increasing maturity of artificial intelligence technology, deep learning-based text classification has been widely applied in real-world tasks such as sentiment classification, malicious text detection and news classification. However, deep learning models are vulnerable to adversarial sample attacks, which greatly affects their reliability and brings security risks to enterprises and individuals using related technologies. Therefore, how to improve the robustness of the model to adversarial samples while ensuring good generalization has become an important and urgent topic in the deep learning field.

The thesis focuses on the deep learning-based text classification task and studies the adversarial examples that affect the reliability of deep learning models. It classifies and analyzes existing schemes from the aspects of text adversarial sample attack and defense, and completes the following three tasks, which correspond to the three parts of adversarial sample generation, defense and experimental evaluation.

1) Proposed a text adversarial sample generation scheme based on word saliency. Studying adversarial sample generation technology can help researchers better understand the working mechanism of the model and improve its performance. Most of the existing word replacement-based generation schemes have problems such as too many replaced words and poor readability of the adversarial samples. The thesis uses word saliency to accurately locate the words that have a greater impact on the classification result, and uses the HowNet synonym corpus to obtain candidate replacement words with more similar parts of speech and meaning, which mitigates the above problems.

2) Proposed an adversarial sample defense scheme based on mixed adversarial training. Adversarial training uses adversarial samples to retrain the model, which can improve the robustness of the model. Most existing adversarial training defense schemes have difficulty defending against multiple attack methods at the same time. The thesis proposes a mixed adversarial training scheme, which mixes the adversarial samples generated by multiple attack methods in equal proportions and then retrains the model, improving the performance of the model against multiple attack methods simultaneously.

3) Designed and implemented a text adversarial sample experimental display platform. In recent years, more and more scholars have participated in adversarial sample research, but there is no visual experimental display platform that helps scholars understand the whole process of adversarial sample attack, defense and evaluation intuitively and quickly. The platform designed in this thesis has complete attack, defense and evaluation modules, and has high performance and a good user experience.

Based on the above three works, the feasibility and effectiveness of the first two algorithm schemes are verified through experimental evaluation; the complete functions and good performance of the experimental platform are verified through test analysis.
Keywords/Search Tags: Deep learning, Text classification, Adversarial samples, Adversarial attack, Adversarial defense, Adversarial training