Local Post-hoc Explainable Methods for Adversarial Text Attacks

Deep learning models have significantly advanced various natural language processing tasks. However, they are strikingly vulnerable to adversarial text attacks, even in the black-box setting where no model knowledge is accessible to hackers. Such attacks are conducted with a two-phase framework: 1) a sensitivity estimation phase to evaluate each element’s sensitivity to the target model’s prediction, and 2) a perturbation execution phase to craft the adversarial examples based on estimated element sensitivity. This study explored the connections between the local post-hoc explainable methods for deep learning and black-box adversarial text attacks and proposed a novel eXplanation-based method for crafting Adversarial Text Attacks (XATA). XATA leverages local post-hoc explainable methods (e.g., LIME or SHAP) to measure input elements’ sensitivity and adopts the word replacement perturbation strategy to craft adversarial examples. We evaluated the attack performance of the proposed XATA on three commonly used text-based datasets: IMDB Movie Review, Yelp Reviews-Polarity, and Amazon Reviews-Polarity. The proposed XATA outperformed existing baselines in various target models, including LSTM, GRU, CNN, and BERT. Moreover, we found that improved local post-hoc explainable methods (e.g., SHAP) lead to more effective adversarial attacks. These findings showed that when researchers constantly advance the explainability of deep learning models with local post-hoc methods, they also provide hackers with weapons to craft more targeted and dangerous adversarial attacks.

Download Full-text

Leveraging Natural Language Processing Applications Using Machine Learning

Handbook of Research on Emerging Trends and Applications of Machine Learning - Advances in Computational Intelligence and Robotics ◽

10.4018/978-1-5225-9643-1.ch016 ◽

2020 ◽

pp. 338-360

Author(s):

Janjanam Prabhudas ◽

C. H. Pradeep Reddy

Keyword(s):

Machine Learning ◽

Deep Learning ◽

Natural Language Processing ◽

Natural Language ◽

Language Processing ◽

Text Summarization ◽

Feature Representation ◽

Learning Models ◽

Primary Focus ◽

And Performance

The enormous increase of information along with the computational abilities of machines created innovative applications in natural language processing by invoking machine learning models. This chapter will project the trends of natural language processing by employing machine learning and its models in the context of text summarization. This chapter is organized to make the researcher understand technical perspectives regarding feature representation and their models to consider before applying on language-oriented tasks. Further, the present chapter revises the details of primary models of deep learning, its applications, and performance in the context of language processing. The primary focus of this chapter is to illustrate the technical research findings and gaps of text summarization based on deep learning along with state-of-the-art deep learning models for TS.

Download Full-text

Application of deep learning models for aspect based sentiment analysis.

Bulletin of Bryansk state technical university ◽

10.12737/22917 ◽

2015 ◽

Vol 2015 (3) ◽

pp. 117-126

Author(s):

Дмитрий Будыльский ◽

Dmitriy Budylskiy ◽

Александр Подвесовский ◽

Aleksandr Podvesovskiy

Keyword(s):

Neural Network ◽

Deep Learning ◽

Natural Language Processing ◽

Convolutional Neural Network ◽

Language Processing ◽

Recurrent Neural Network ◽

Russian Text ◽

Learning Models ◽

Actual Problem ◽

Good Efficiency

This paper describes actual problem of sentiment based aspect analysis and four deep learning models: convolutional neural network, recurrent neural network, GRU and LSTM networks. We evaluated these models on Russian text dataset from SentiRuEval-2015. Results show good efficiency and high potential for further natural language processing applications.

Download Full-text

Detection of Pneumothorax with Deep Learning Models: Learning From Radiologist Labels vs Natural Language Processing Model Generated Labels

Academic Radiology ◽

10.1016/j.acra.2021.09.013 ◽

2021 ◽

Author(s):

James Thomas Patrick Decourcy Hallinan ◽

Mengling Feng ◽

Dianwen Ng ◽

Soon Yiew Sia ◽

Vincent Tze Yang Tiong ◽

...

Keyword(s):

Deep Learning ◽

Natural Language Processing ◽

Natural Language ◽

Language Processing ◽

Learning Models

Download Full-text

Automatic Diagnosis of Spinal Disorders on Radiographic Images: Leveraging Existing Unstructured Datasets With Natural Language Processing

Global Spine Journal ◽

10.1177/21925682211026910 ◽

2021 ◽

pp. 219256822110269

Author(s):

Fabio Galbusera ◽

Andrea Cina ◽

Tito Bassani ◽

Matteo Panico ◽

Luca Maria Sconfienza

Keyword(s):

Artificial Intelligence ◽

Deep Learning ◽

Natural Language Processing ◽

Lumbar Spine ◽

Natural Language ◽

Language Processing ◽

Large Set ◽

Learning Models ◽

Radiological Findings ◽

Radiographic Images

Study Design: Retrospective study. Objectives: Huge amounts of images and medical reports are being generated in radiology departments. While these datasets can potentially be employed to train artificial intelligence tools to detect findings on radiological images, the unstructured nature of the reports limits the accessibility of information. In this study, we tested if natural language processing (NLP) can be useful to generate training data for deep learning models analyzing planar radiographs of the lumbar spine. Methods: NLP classifiers based on the Bidirectional Encoder Representations from Transformers (BERT) model able to extract structured information from radiological reports were developed and used to generate annotations for a large set of radiographic images of the lumbar spine (N = 10 287). Deep learning (ResNet-18) models aimed at detecting radiological findings directly from the images were then trained and tested on a set of 204 human-annotated images. Results: The NLP models had accuracies between 0.88 and 0.98 and specificities between 0.84 and 0.99; 7 out of 12 radiological findings had sensitivity >0.90. The ResNet-18 models showed performances dependent on the specific radiological findings with sensitivities and specificities between 0.53 and 0.93. Conclusions: NLP generates valuable data to train deep learning models able to detect radiological findings in spine images. Despite the noisy nature of reports and NLP predictions, this approach effectively mitigates the difficulties associated with the manual annotation of large quantities of data and opens the way to the era of big data for artificial intelligence in musculoskeletal radiology.

Download Full-text

Argot: Generating Adversarial Readable Chinese Texts

Proceedings of the Twenty-Ninth International Joint Conference on Artificial Intelligence ◽

10.24963/ijcai.2020/351 ◽

2020 ◽

Author(s):

Zihan Zhang ◽

Mingxuan Liu ◽

Chao Zhang ◽

Yiming Zhang ◽

Zhou Li ◽

...

Keyword(s):

Image Processing ◽

Natural Language Processing ◽

Success Rate ◽

Language Processing ◽

Black Box ◽

Essential Step ◽

Chinese Characteristics ◽

Adversarial Examples ◽

Chinese Texts ◽

Chinese And English

Natural language processing (NLP) models are known vulnerable to adversarial examples, similar to image processing models. Studying adversarial texts is an essential step to improve the robustness of NLP models. However, existing studies mainly focus on analyzing English texts and generating adversarial examples for English texts. There is no work studying the possibility and effect of the transformation to another language, e.g, Chinese. In this paper, we analyze the differences between Chinese and English, and explore the methodology to transform the existing English adversarial generation method to Chinese. We propose a novel black-box adversarial Chinese texts generation solution Argot, by utilizing the method for adversarial English samples and several novel methods developed on Chinese characteristics. Argot could effectively and efficiently generate adversarial Chinese texts with good readability. Furthermore, Argot could also automatically generate targeted Chinese adversarial text, achieving a high success rate and ensuring readability of the Chinese.

Download Full-text

Generating adversarial examples without specifying a target model

PeerJ Computer Science ◽

10.7717/peerj-cs.702 ◽

2021 ◽

Vol 7 ◽

pp. e702

Author(s):

Gaoming Yang ◽

Mingwei Li ◽

Xianjing Fang ◽

Ji Zhang ◽

Xingzhu Liang

Keyword(s):

Deep Learning ◽

Success Rate ◽

Black Box ◽

Time Cost ◽

Learning Models ◽

Security Threat ◽

Practical Situation ◽

Data Set ◽

Target Model ◽

Adversarial Examples

Adversarial examples are regarded as a security threat to deep learning models, and there are many ways to generate them. However, most existing methods require the query authority of the target during their work. In a more practical situation, the attacker will be easily detected because of too many queries, and this problem is especially obvious under the black-box setting. To solve the problem, we propose the Attack Without a Target Model (AWTM). Our algorithm does not specify any target model in generating adversarial examples, so it does not need to query the target. Experimental results show that it achieved a maximum attack success rate of 81.78% in the MNIST data set and 87.99% in the CIFAR-10 data set. In addition, it has a low time cost because it is a GAN-based method.

Download Full-text

DPAEG: A Dependency Parse-Based Adversarial Examples Generation Method for Intelligent Q&A Robots

Security and Communication Networks ◽

10.1155/2020/5890820 ◽

2020 ◽

Vol 2020 ◽

pp. 1-15

Author(s):

Mingfu Xue ◽

Chengxiang Yuan ◽

Jian Wang ◽

Weiqiang Liu

Keyword(s):

Natural Language Processing ◽

Language Processing ◽

Correct Answer ◽

State Of The Art ◽

Black Box ◽

Security Evaluation ◽

Test Dataset ◽

Human Evaluation ◽

Extraction Algorithm ◽

Adversarial Examples

Recently, the natural language processing- (NLP-) based intelligent question and answer (Q&A) robots have been used ubiquitously. However, the robustness and security of current Q&A robots are still unsatisfactory, e.g., a slight typo in the user’s question may cause the Q&A robot unable to return the correct answer. In this paper, we propose a fast and automatic test dataset generation method for the robustness and security evaluation of current Q&A robots, which can work in black-box scenarios and thus can be applied to a variety of different Q&A robots. Specifically, we propose a dependency parse-based adversarial examples generation (DPAEG) method for Q&A robots. DPAEG first uses the proposed dependency parse-based keywords extraction algorithm to extract keywords from a question. Then, the proposed algorithm generates adversarial words according to the extracted keywords, which include typos and words that are spelled similarly to the keywords. Finally, these adversarial words are used to generate a large number of adversarial questions. The generated adversarial questions which are similar to the original questions do not affect human’s understanding, but the Q&A robots cannot answer these adversarial questions correctly. Moreover, the proposed method works in a black-box scenario, which means it does not need the knowledge of the target Q&A robots. Experiment results show that the generated adversarial examples have a high success rate on two state-of-the-art Q&A robots, DrQA and Google Assistant. In addition, the generated adversarial examples not only affect the correct answer (top-1) returned by DrQA but also affect the top-k candidate answers returned by DrQA. The adversarial examples make the top-k candidate answers contain fewer correct answers and make the correct answers rank lower in the top-k candidate answers. The human evaluation results show that participants with different genders, ages, and mother tongues can understand the meaning of most of the generated adversarial examples, which means that the generated adversarial examples do not affect human’s understanding.

Download Full-text

Detailed Study of Deep Learning Models for Natural Language Processing

2020 2nd International Conference on Advances in Computing, Communication Control and Networking (ICACCCN) ◽

10.1109/icacccn51052.2020.9362989 ◽

2020 ◽

Author(s):

Megha Gupta ◽

Shailesh Kumar Verma ◽

Priyanshu Jain

Keyword(s):

Deep Learning ◽

Natural Language Processing ◽

Natural Language ◽

Language Processing ◽

Learning Models

Download Full-text

A comparative study of deep learning based language representation learning models

Indonesian Journal of Electrical Engineering and Computer Science ◽

10.11591/ijeecs.v22.i2.pp1032-1040 ◽

2021 ◽

Vol 22 (2) ◽

pp. 1032

Author(s):

Mohammed Boukabous ◽

Mostafa Azizi

Keyword(s):

Deep Learning ◽

Natural Language Processing ◽

Text Mining ◽

Language Processing ◽

Representation Learning ◽

Learning Models ◽

Significant Development ◽

Language Representation ◽

Compare And Contrast ◽

Hierarchical Representations

Deep learning (DL) approaches use various processing layers to learn hierarchical representations of data. Recently, many methods and designs of natural language processing (NLP) models have shown significant development, especially in text mining and analysis. For learning vector-space representations of text, there are famous models like Word2vec, GloVe, and fastText. In fact, NLP took a big step forward when BERT and recently GTP-3 came out. In this paper, we highlight the most important language representation learning models in NLP and provide an insight of their evolution. We also summarize, compare and contrast these different models on sentiment analysis, and thus discuss their main strengths and limitations. Our obtained results show that BERT is the best language representation learning model.

Download Full-text