Short Text-based Adversarial Example Attack

With the accumulation of massive amounts of data and the continuous improvement of computing power,deep learning-based text classification has become an important part of the implementation of many key technical applications in the field of natural language processing(NLP).However,recent researches have demonstrated that deep neural networks-based text classification models are vulnerable to maliciously constructed adversarial examples.Considering the tasks with high-security requirements such as spam detection,social opinion analysis and harmful text detection.The problem of poor robustness against adversarial example attacks has attracted extensive attention of researchers at home and abroad.In order to further explore the risk of adversarial example attacks faced by deep learning models in the real-word deployment process,then study the defense measures to improve the robustness of the models,we take short text as the research object.Secondly we study on the generation method of adversarial examples from two aspects.The main work and innovation points of this paper are as follows.(1)In short text adversarial example generation: for the problem that adversarial example generation method in NLP tend to destroy the semantic integrity of the original text,we propose the AEST adversarial example generation method,which can generate adversarial examples with high similarity to the original text under white-box settings,and the adversarial examples have high attack success rate and low word perturbation rate.Comparing the two kinds of adversarial examples generated by AEST and baseline methods on the adversarial attack experiments.We further verify the effectiveness of the AEST adversarial example generation method.(2)In the area of DGA domain name adversarial example generation: for the problem of low similarity between DGA domain names and real domain names,we proposed a generative adversarial network model named Dn GAN,which can generate DGA domain name adversarial examples with high similarity to real domain names.We use the adversarial examples generated by Dn GAN in adversarial training and find that,it can better improve the classification model detection accuracy of unknown DGA domain.We also setting up several sets of comparison experiments.The results verify the effectiveness of adversarial attack and adversarial training of DGA domain name adversarial examples.Our adversarial example generation method solves the problem of low similarity between textual adversarial examples and original examples in the current research field,which has certain reference significance for further research work in this field.