
A Textual Adversarial Example Generation Technique Based On Similar Word Replacement

Posted on: 2022-07-14
Degree: Master
Type: Thesis
Country: China
Candidate: X P Fu
Full Text: PDF
GTID: 2518306491466214
Subject: Computer technology
Abstract/Summary:
With the development of deep learning theory and related technologies, deep learning models have been widely applied in various practical scenarios. They are used not only in typical image-domain scenarios such as target detection, image classification and face recognition, but also in more and more natural language processing scenarios, such as sentiment analysis, spam classification and machine translation. However, deep learning models show serious vulnerability when facing adversarial examples. Even a small change added to the original data will affect the output of the model. In recent years, researchers have attacked deep learning models by adding carefully constructed perturbations, indistinguishable to the human eye, to the original data to generate adversarial examples. Adversarial examples bring security risks to the application and promotion of deep learning technology.

Taking the text field as an example, researchers have so far proposed a variety of methods for generating text adversarial examples for different application scenarios. Although the adversarial examples generated by these methods can make a deep learning model give wrong output, they still have some shortcomings. Unlike image data, text data contains complex syntactic and semantic information, and modifications to the original data are easily recognized by a human reader, resulting in poor concealment of the generated adversarial examples. To solve this problem, this paper proposes a text adversarial example generation method based on similar word replacement. The main research work includes the following points:

1. Firstly, this paper studies a method for determining the influence of a word in the original text on the model's classification result, and constructs the keyword sequence of each text. The method takes into account the position of words in the text, fully combines context information to score the words, and ranks them by score from high to low. The higher a word ranks, the greater its influence on the model's prediction. This paper uses this method to score the words in a text and obtain the keyword sequence of that text.

2. Secondly, this paper designs a similar word replacement model that finds words similar to the keywords to be replaced, and generates text adversarial examples by replacing the keywords. Specifically, this paper uses a variety of word similarity scoring methods to compute candidate similar words, and uses those candidates to generate adversarial examples.

3. Thirdly, the success rate of the generated adversarial examples is analyzed experimentally. Two sets of experiments are designed to verify the effectiveness of the generated adversarial examples by using them to attack the LSTM model and the BiLSTM model respectively. The experimental results show that, on the Yelp review dataset, the classification performance of the model can be significantly reduced while modifying only 12.5% of the average text length.

4. Finally, this paper builds a text adversarial example generation and verification system based on the above methods. The system provides two functions, label prediction and adversarial example generation, and presents them to users through interaction between the front end and the back end. The system shows users the differences between the original data and the adversarial examples intuitively, which makes the generation method easier to understand.

In conclusion, this paper generates adversarial examples by similar word replacement: only a small number of words in the original text are replaced with other words, and the result is then used to attack the deep learning model. This avoids the problem that character-level modifications inside a word are easily identified and corrected by a spell-check module, and it keeps the degree of change as small as possible. The method has good concealment, and its validity is verified by the designed experiments. By studying adversarial examples, we can not only evaluate the security of a model, but also use the generated adversarial examples for adversarial training to further improve the robustness of the model and promote the application of deep learning models in practical scenarios.
Keywords/Search Tags: Deep Learning, Natural Language Processing, Sentiment Analysis, Adversarial Example