Enhancement Of Textual Adversarial Attack Ability Based On Metamorphic Testing

With machine learning widely applied to natural language processing,the robustness problems arouse natural concerns.The textual adversarial attack is an important method to reveal the robustness problem of NLP models.However,current researches focus on developing complex strategies for generating adversarial examples.As a result,not only the success rate of adversarial attacks is limited,but also the quality of adversarial examples decreases.To solve this problem,we propose the metamorphic testing for sememe-level sentence dilution algorithm(MT4SSDA)from a new perspective of improving the process of adversarial attack.The MT4 SSDA combines the concept of sememe-level sentence dilution algorithm(SSDA)with metamorphic testing(MT),which can improve both the success rate of adversarial attacks and the quality of adversarial examples.Specifically,our research is as follows:1.Construct a new model of the adversarial attack enhancement process based on metamorphic testing.First of all,we transform the meaning of SSDA into the description of metamorphic testing.Then,based on the two stages of the SSDA process,a dual-level metamorphic testing framework and corresponding metamorphic relations are designed.Last,we provide some samples to demonstrate how the new process model help to improve the quality of adversarial examples.2.Design a new textual adversarial attack enhancement algorithm that combines SSDA with MT.The metamorphic relations from different levels are embedded into SSDA to propose the new adversarial attack enhancement algorithm MT4 SSDA.MT4SSDA enhances the all-around ability including the success rate of adversarial attacks and the quality of adversarial examples.3.Develop the first industrialized textual adversarial attack test platform in this domain.The platform integrates a variety of datasets,models,and adversarial attack methods,which can help us easily to verify the effectiveness of MT4 SSDA.From the experimental result of 24 groups of experiments,the comprehensive quality of adversarial examples generated by MT4 SSDA increased by 26.66%,and the success rate of adversarial attacks increased by 10.13% compared with those without enhancement.All indexes of MT4 SSDA perform better.Compared with SSDA,the comprehensive quality increased by 7.61%,and the success rate maintained the same level.MT4 SSDA implementes the all-around enhancement of adversarial attacks for the first time.