Semantic-Preserving Adversarial Text Attacks

Deep learning models are known immensely brittle to adversarial image examples, yet their vulnerability in text classification is insufficiently explored. Existing text adversarial attack strategies can be roughly divided into three categories, i.e., character-level attack, word-level attack, and sentence-level attack. Despite the success brought by recent text attack methods, how to induce misclassification with the minimal text modifications while keeping the lexical correctness, syntactic soundness, and semantic consistency simultaneously is still a challenge. To examine the vulnerability of deep models, we devise a Bigram and Unigram based adaptive Semantic Preservation Optimization (BU-SPO) approach which attacks text documents not only at a unigram word level but also at a bigram level to avoid generating meaningless sentences. We also present a hybrid attack strategy that collects substitution words from both synonyms and sememe candidates, to enrich the potential candidate set. Besides, a Semantic Preservation Optimization (SPO) method is devised to determine the word substitution priority and reduce the perturbation cost. Furthermore, we constraint the SPO with a semantic Filter (dubbed SPOF) to improve the semantic similarity between the input text and the adversarial example. To estimate the effectiveness of our proposed methods, BU-SPO and BU-SPOF, we attack four victim deep learning models trained on three real-world text datasets. Experimental results demonstrate that our approaches accomplish the highest semantics consistency and attack success rates by making the minimal word modifications compared with competitive methods.

Download Full-text

On the Robustness of Deep Learning Models to Universal Adversarial Attack

2018 15th Conference on Computer and Robot Vision (CRV) ◽

10.1109/crv.2018.00018 ◽

2018 ◽

Cited By ~ 1

Author(s):

Rezaul Karim ◽

Md Amirul Islam ◽

Noman Mohammed ◽

Neil D. B. Bruce

Keyword(s):

Deep Learning ◽

Learning Models ◽

Adversarial Attack

Download Full-text

Assessment of Deep Learning Models for Human Activity Recognition on Multi-variate Time Series Data and Non-targeted Adversarial Attack

10.1007/978-3-030-78124-8_6 ◽

2021 ◽

pp. 129-159

Author(s):

Mahbuba Tasmin ◽

Sharif Uddin Ruman ◽

Taoseef Ishtiak ◽

Arif-ur-Rahman Chowdhury Suhan ◽

Redwan Hasif ◽

...

Keyword(s):

Time Series ◽

Deep Learning ◽

Activity Recognition ◽

Human Activity ◽

Time Series Data ◽

Human Activity Recognition ◽

Series Data ◽

Learning Models ◽

Adversarial Attack

Download Full-text

Attention-based CNN-BiLSTM for Dialect Identification on Javanese Text

Kinetik Game Technology Information System Computer Network Computing Electronics and Control ◽

10.22219/kinetik.v5i4.1121 ◽

2020 ◽

pp. 317-324

Author(s):

Ahmad Fathan Hidayatullah ◽

Siwi Cahyaningtyas ◽

Rheza Daffa Pamungkas

Keyword(s):

Machine Learning ◽

Deep Learning ◽

Learning Approaches ◽

Learning Models ◽

Attention Networks ◽

Sentence Level ◽

Average Accuracy ◽

Input Layer ◽

Fully Connected ◽

Level Of Importance

This study proposes a hybrid deep learning models called attention-based CNN-BiLSTM (ACBiL) for dialect identification on Javanese text. Our ACBiL model comprises of input layer, convolution layer, max pooling layer, batch normalization layer, bidirectional LSTM layer, attention layer, fully connected layer and softmax layer. In the attention layer, we applied a hierarchical attention networks using word and sentence level attention to observe the level of importance from the content. As comparison, we also experimented with other several classical machine learning and deep learning approaches. Among the classical machine learning, the Linear Regression with unigram achieved the best performance with average accuracy of 0.9647. In addition, our observation with the deep learning models outperformed the traditional machine learning models significantly. Our experiments showed that the ACBiL architecture achieved the best performance among the other deep learning methods with the accuracy of 0.9944.

Download Full-text

Big Data Management and Analytics in Scientific Programming: A Deep Learning-Based Method for Aspect Category Classification of Question-Answering-Style Reviews

Scientific Programming ◽

10.1155/2020/4690974 ◽

2020 ◽

Vol 2020 ◽

pp. 1-10 ◽

Cited By ~ 1

Author(s):

Hanqian Wu ◽

Mumu Liu ◽

Shangbin Zhang ◽

Zhike Wang ◽

Siliang Cheng

Keyword(s):

Deep Learning ◽

Language Processing ◽

Question Answering ◽

Product Information ◽

Empirical Studies ◽

Product Reviews ◽

Related Information ◽

Basic Task ◽

Word Level ◽

Sentence Level

Online product reviews are exploring on e-commerce platforms, and mining aspect-level product information contained in those reviews has great economic benefit. The aspect category classification task is a basic task for aspect-level sentiment analysis which has become a hot research topic in the natural language processing (NLP) field during the last decades. In various e-commerce platforms, there emerge various user-generated question-answering (QA) reviews which generally contain much aspect-related information of products. Although some researchers have devoted their efforts on the aspect category classification for traditional product reviews, the existing deep learning-based approaches cannot be well applied to represent the QA-style reviews. Thus, we propose a 4-dimension (4D) textual representation model based on QA interaction-level and hyperinteraction-level by modeling with different levels of the text representation, i.e., word-level, sentence-level, QA interaction-level, and hyperinteraction-level. In our experiments, the empirical studies on datasets from three domains demonstrate that our proposals perform better than traditional sentence-level representation approaches, especially in the Digit domain.

Download Full-text

A Hybrid Adversarial Attack for Different Application Scenarios

Applied Sciences ◽

10.3390/app10103559 ◽

2020 ◽

Vol 10 (10) ◽

pp. 3559 ◽

Cited By ~ 1

Author(s):

Xiaohu Du ◽

Jie Yu ◽

Zibo Yi ◽

Shasha Li ◽

Jun Ma ◽

...

Keyword(s):

Deep Learning ◽

Success Rate ◽

Black Box ◽

De Algorithm ◽

Word Level ◽

Text Readability ◽

Gradient Based ◽

Adversarial Examples ◽

Adversarial Attack ◽

Cosine Distance

Adversarial attack against natural language has been a hot topic in the field of artificial intelligence security in recent years. It is mainly to study the methods and implementation of generating adversarial examples. The purpose is to better deal with the vulnerability and security of deep learning systems. According to whether the attacker understands the deep learning model structure, the adversarial attack is divided into black-box attack and white-box attack. In this paper, we propose a hybrid adversarial attack for different application scenarios. Firstly, we propose a novel black-box attack method of generating adversarial examples to trick the word-level sentiment classifier, which is based on differential evolution (DE) algorithm to generate semantically and syntactically similar adversarial examples. Compared with existing genetic algorithm based adversarial attacks, our algorithm can achieve a higher attack success rate while maintaining a lower word replacement rate. At the 10% word substitution threshold, we have increased the attack success rate from 58.5% to 63%. Secondly, when we understand the model architecture and parameters, etc., we propose a white-box attack with gradient-based perturbation against the same sentiment classifier. In this attack, we use a Euclidean distance and cosine distance combined metric to find the most semantically and syntactically similar substitution, and we introduce the coefficient of variation (CV) factor to control the dispersion of the modified words in the adversarial examples. More dispersed modifications can increase human imperceptibility and text readability. Compared with the existing global attack, our attack can increase the attack success rate and make modification positions in generated examples more dispersed. We’ve increased the global search success rate from 75.8% to 85.8%. Finally, we can deal with different application scenarios by using these two attack methods, that is, whether we understand the internal structure and parameters of the model, we can all generate good adversarial examples.

Download Full-text

Deep learning models for electrocardiograms are susceptible to adversarial attack

Nature Medicine ◽

10.1038/s41591-020-0791-x ◽

2020 ◽

Vol 26 (3) ◽

pp. 360-363 ◽

Cited By ~ 4

Author(s):

Xintian Han ◽

Yuxuan Hu ◽

Luca Foschini ◽

Larry Chinitz ◽

Lior Jankelson ◽

...

Keyword(s):

Deep Learning ◽

Learning Models ◽

Adversarial Attack

Download Full-text

The Adversarial Attack and Detection under the Fisher Information Metric

Proceedings of the AAAI Conference on Artificial Intelligence ◽

10.1609/aaai.v33i01.33015869 ◽

2019 ◽

Vol 33 ◽

pp. 5869-5876 ◽

Cited By ~ 2

Author(s):

Chenxiao Zhao ◽

P. Thomas Fletcher ◽

Mixue Yu ◽

Yaxin Peng ◽

Guixu Zhang ◽

...

Keyword(s):

Deep Learning ◽

Fisher Information ◽

Information Matrix ◽

Superior Performance ◽

Learning Models ◽

Detection Algorithms ◽

Fisher Information Metric ◽

One Step ◽

Information Metric ◽

Adversarial Attack

Many deep learning models are vulnerable to the adversarial attack, i.e., imperceptible but intentionally-designed perturbations to the input can cause incorrect output of the networks. In this paper, using information geometry, we provide a reasonable explanation for the vulnerability of deep learning models. By considering the data space as a non-linear space with the Fisher information metric induced from a neural network, we first propose an adversarial attack algorithm termed one-step spectral attack (OSSA). The method is described by a constrained quadratic form of the Fisher information matrix, where the optimal adversarial perturbation is given by the first eigenvector, and the vulnerability is reflected by the eigenvalues. The larger an eigenvalue is, the more vulnerable the model is to be attacked by the corresponding eigenvector. Taking advantage of the property, we also propose an adversarial detection method with the eigenvalues serving as characteristics. Both our attack and detection algorithms are numerically optimized to work efficiently on large datasets. Our evaluations show superior performance compared with other methods, implying that the Fisher information is a promising approach to investigate the adversarial attacks and defenses.

Download Full-text

Text Sentiment Analysis of German Multilevel Features Based on Self-Attention Mechanism

Security and Communication Networks ◽

10.1155/2021/8309586 ◽

2021 ◽

Vol 2021 ◽

pp. 1-12

Author(s):

Xiang Li

Keyword(s):

Feature Extraction ◽

Deep Learning ◽

Feature Representation ◽

The Self ◽

Word Level ◽

Sentence Level ◽

Improvement Effect ◽

Representation Method ◽

Text Sentiment Analysis ◽

Deep Learning Model

In this paper, we propose a multilevel feature representation method that combines word-level features, such as German morphology and slang, and sentence-level features, such as special symbols and English-translated sentiment information, and build a deep learning model for German sentiment classification based on the self-attentive mechanism, in order to address the characteristics of German social media texts that are colloquial, irregular, and diverse. Compared with the existing studies, this model not only has the most obvious improvement effect but also has better feature extraction and classification ability for German emotion.

Download Full-text

Forward Context-Aware Clickbait Tweet Identification System

International Journal of Ambient Computing and Intelligence ◽

10.4018/ijaci.2021040102 ◽

2021 ◽

Vol 12 (2) ◽

pp. 21-32

Author(s):

Rajesh Kumar Mundotiya ◽

Naina Yadav

Keyword(s):

Social Media ◽

Deep Learning ◽

Identification Accuracy ◽

Identification System ◽

Context Aware ◽

Early Stopping ◽

Word Level ◽

Sentence Level ◽

Contextual Feature ◽

Regularization Techniques

Clickbait is an elusive challenge with the prevalence of social media such as Facebook and Twitter that misleads the readers while clicking on headlines. Limited annotated data makes it onerous to design an accurate clickbait identification system. The authors address this problem by purposing deep learning-based architecture with external knowledge which trains on social media post and descriptions. The pre-trained ELMO and BERT model obtains the sentence level contextual feature as knowledge; moreover, the LSTM layer helps to prevail the word level contextual feature. Training has done at different experiments (model with EMLO, model with BERT) with different regularization techniques such as dropout, early stopping, and finetuning. Forward context-aware clickbait tweet identification system (FCCTI) with BERT finetuning and model with ELMO using glove pre-trained embedding is the best model and achieves a clickbait identification accuracy of 0.847, improving on the previous baseline for this task.

Download Full-text