
Research On Adversarial Examples For Natural Language Processing

Posted on: 2022-10-25
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Chen
Full Text: PDF
GTID: 2558307169983569
Subject: Cyberspace security
Abstract/Summary:
In recent years, deep learning has developed rapidly and is widely used in image recognition, natural language processing, data analysis, industrial production, and other fields. However, as deep learning becomes more closely tied to production and daily life, its reliability has become a major concern. Research has shown that neural network models have inevitable vulnerabilities: under an adversarial attack, carefully constructed perturbations can make the model's output change drastically. Such perturbed samples are usually called adversarial examples. Research on them began in the field of computer vision; in 2017, adversarial example generation was first introduced in the field of natural language processing, where it quickly became an emerging hot topic. However, current work in this field still suffers from many problems, such as low efficiency, weak effectiveness, and poor readability. Researchers need to understand deeply how deep neural networks work and the nature of these vulnerabilities. This paper studies the techniques and characteristics of text adversarial example generation from the perspective of adversarial attacks, and mainly does the following work:

1. To address the inefficiency of the common word importance ranking method, a method for generating adversarial examples based on reusable word importance ranking is proposed, which reduces the complexity from O(n) to O(1) and achieves a 75% efficiency increase at the cost of a 1% drop in the success rate. In addition, a three-stage adversarial example generation workflow, a Unicode-based perturbation method, and an improved search method are also proposed.

2. There are few studies on adversarial example generation under extreme black-box conditions, although such methods have strong practical value. This paper proposes a method for adversarial example generation under this condition. For the first time, a word importance ranking method, a word sequence search method, and a word-based perturbation method that can work effectively under this condition are proposed. In the experiment, three data sets are effectively attacked, with the highest success rate of 72%. In addition, for the perturbation method, this paper also proposes a substitution word generation method based on GloVe, a grammar checking method based on part-of-speech tagging, and a semantic checking method based on semantic similarity. These methods can effectively improve the readability of adversarial examples.

3. To address the low success rate caused by the small search space of general search methods, a method of adversarial example generation based on greedy search is proposed. Greedy search expands the search space and improves the success rate. Experiments show that the average success rate of greedy-based search methods is 15% higher than that of general search methods. When attacking the BERT model, the success rate increases by more than 20%.
Keywords/Search Tags:Machine Learning, Natural Language Processing, Adversarial Examples, Adversarial Attack