Research On Adversarial Examples For Chinese Text Classification Models

Posted on: 2022-12-22
Degree: Master
Type: Thesis
Country: China
Candidate: X Tong
GTID: 2518306752965359
Subject: Communication and Information System
Abstract/Summary:
Text classification has made significant progress in recent years, backed by machine learning and deep learning theory. Several models based on deep neural networks have produced human-like classification results when tested on publicly available datasets. Unfortunately, while this technology has provided great convenience, it has also exposed us to threats and risks. According to studies, many of the text classification models proposed so far focus primarily on statistical distribution patterns and do not adequately capture high-level semantic features. As a result, text classification systems based on deep learning may be vulnerable to adversarial attacks, in which attackers alter the recognition results of the relevant models, without influencing human understanding of the semantics, by changing the text's keywords, phrases, and even sentences. Using adversarial example techniques, malicious texts such as phishing emails, online rumors, and fraudulent messages can easily evade detection by recognition systems built on neural networks. Attackers can then achieve aims such as money embezzlement and the spread of malicious news, which poses a new risk and challenges cybersecurity. This research focuses on the security of Chinese text classification tasks that use natural language processing (NLP) technology, examining efficient and reliable techniques on the basis of a study of robust adversarial example generation techniques for Chinese text classification models. The main research contents and contributions of this paper are as follows:

1. Sorted out and summarized the current status of adversarial examples research in the field of NLP. The research alleviated the risk faced by Chinese text classification models on the basis of clarifying the principles linked to adversarial examples. We first analyzed the causes of multiple vulnerabilities of deep learning-based natural language processing models. Then we summarized the features, classification, and evaluation indexes of text, and assessed the typical tasks and datasets involved in adversarial techniques in this field. Next, the text adversarial example generation technology and related defense technologies were summarized and analyzed. Finally, we discussed the key points for both attackers and defenders in the field of NLP adversarial examples.

2. A black-box adversarial example generation method, CText Perturbator, for Chinese text classification models is proposed. The algorithm consists of two main parts: a perturbation localizer and an adversarial decider. The perturbation localizer is based on the black-box testing idea: when the internal details of the model are unknown, it locates the keywords that can significantly affect the classification results through a query scoring mechanism. A visual perception weight is introduced to constrain the noise position and enhance concealment. The adversarial decider expands the perturbation search space using various adversarial noise generation strategies, such as morphological similarity, traditional Chinese characters, and pinyin substitution, to raise the success rate of the attack and generate adversarial examples that are visually similar to the original sentence. The method uses a policy network trained with a deep reinforcement learning technique to select appropriate noise strategies based on the keywords and target sentences, and finally realizes the adversarial attack on the deep learning-based Chinese text classification system.

3. A Chinese adversarial example detection model, MC-Caps Net, based on a capsule network and a self-attention mechanism is proposed. In terms of adversarial information representation, the model adopts a multi-channel design structure and introduces a self-attention mechanism between capsules, which can characterize the input text at multiple levels to discover possible abnormal word vectors and contextual adversarial features contained in the sample. In terms of model optimization, a fast dynamic routing algorithm enables the model to combine operational efficiency with high accuracy, so the model can be used in adversarial text detection scenarios with high real-time requirements. The experimental results on the adversarial text examples dataset generated with the CText Perturbator algorithm show that the model has advantages in both detection performance and efficiency.
Keywords/Search Tags:Natural Language Processing, Chinese Text Classification, Deep Learning, Adversarial Examples, Capsule Network