Subscribe to the gold package and get unlimited access to Shamra Academy
Register a new userMulti-granularity Textual Adversarial Attack with Behavior Cloning
هجوم مخدر نصي متعدد الحبيبية مع استنساخ السلوك
192
0 0
0.0
(
0
)
Created by
Shamra Editor
Ask ChatGPT about the research
في الآونة الأخيرة، تصبح نماذج الهجوم المصنوع النصي شعبية بشكل متزايد بسبب نجاحها في تقدير نماذج NLP. ومع ذلك، فإن المصنفات الموجودة لها أوجه قصور واضحة. (1) عادة ما يفكرون فقط بتعبئة واحدة من استراتيجيات التعديل (على سبيل المثال Word-level-level-level)، وهو غير كاف لاستكشاف الفضاء النصي الشامل للجيل؛ (2) يحتاجون إلى الاستعلام عن نماذج الضحية مئات المرات لإجراء هجوم ناجح، وهو غير فعال للغاية في الممارسة العملية. لمعالجة هذه المشكلات، في هذه الورقة نقترح Maya، نموذج هجوم متعدد الحبيبات لتوليد عينات خصومة عالية الجودة عالية الجودة مع استعلامات أقل من نماذج الضحايا. علاوة على ذلك، نقترح طريقة تعتمد على التعزيز لتدريب وكيل هجوم متعدد التحبيب من خلال استنساخ السلوك مع معرفة الخبراء من خوارزمية مايا لدينا لتقليل أوقات الاستعلام. بالإضافة إلى ذلك، نقوم أيضا بتكييف الوكيل لمهاجمة نماذج الصندوق الأسود التي تستلزمات الإخراج فقط دون درجات الثقة. نحن نقوم بإجراء تجارب شاملة لتقييم نماذج الهجوم لدينا عن طريق مهاجمة Bilstm و Bert and Roberta في إعدادات هجوم سوداء مختلفة وثلاثة مجموعات بيانات معيار. تظهر النتائج التجريبية أن نماذجنا تحقق أداء مهاجم بشكل عام وتنتج عينات خصومة أكثر بطلاقة وحلال قوسنة مقارنة بالنماذج الأساسية. علاوة على ذلك، يقلل وكيل الهجوم الخاص بنا بشكل كبير من أوقات الاستعلام في كلا من إعدادات الهجوم. يتم إصدار رموزنا في https://github.com/yangyi-chen/maya.
Recently, the textual adversarial attack models become increasingly popular due to their successful in estimating the robustness of NLP models. However, existing works have obvious deficiencies. (1)They usually consider only a single granularity of modification strategies (e.g. word-level or sentence-level), which is insufficient to explore the holistic textual space for generation; (2) They need to query victim models hundreds of times to make a successful attack, which is highly inefficient in practice. To address such problems, in this paper we propose MAYA, a Multi-grAnularitY Attack model to effectively generate high-quality adversarial samples with fewer queries to victim models. Furthermore, we propose a reinforcement-learning based method to train a multi-granularity attack agent through behavior cloning with the expert knowledge from our MAYA algorithm to further reduce the query times. Additionally, we also adapt the agent to attack black-box models that only output labels without confidence scores. We conduct comprehensive experiments to evaluate our attack models by attacking BiLSTM, BERT and RoBERTa in two different black-box attack settings and three benchmark datasets. Experimental results show that our models achieve overall better attacking performance and produce more fluent and grammatical adversarial samples compared to baseline models. Besides, our adversarial attack agent significantly reduces the query times in both attack settings. Our codes are released at https://github.com/Yangyi-Chen/MAYA.
References used
https://aclanthology.org/
rate research
Read More
Representation learning is widely used in NLP for a vast range of tasks. However, representations derived from text corpora often reflect social biases. This phenomenon is pervasive and consistent across different neural models, causing serious conce
rn. Previous methods mostly rely on a pre-specified, user-provided direction or suffer from unstable training. In this paper, we propose an adversarial disentangled debiasing model to dynamically decouple social bias attributes from the intermediate representations trained on the main task. We aim to denoise bias information while training on the downstream task, rather than completely remove social bias and pursue static unbiased representations. Experiments show the effectiveness of our method, both on the effect of debiasing and the main task performance.
Adversarial examples expose the vulnerabilities of natural language processing (NLP) models, and can be used to evaluate and improve their robustness. Existing techniques of generating such examples are typically driven by local heuristic rules that
are agnostic to the context, often resulting in unnatural and ungrammatical outputs. This paper presents CLARE, a ContextuaLized AdversaRial Example generation model that produces fluent and grammatical outputs through a mask-then-infill procedure. CLARE builds on a pre-trained masked language model and modifies the inputs in a context-aware manner. We propose three contextualized perturbations, Replace, Insert and Merge, that allow for generating outputs of varied lengths. CLARE can flexibly combine these perturbations and apply them at any position in the inputs, and is thus able to attack the victim model more effectively with fewer edits. Extensive experiments and human evaluation demonstrate that CLARE outperforms the baselines in terms of attack success rate, textual similarity, fluency and grammaticality.
Recent literatures have shown that knowledge graph (KG) learning models are highly vulnerable to adversarial attacks. However, there is still a paucity of vulnerability analyses of cross-lingual entity alignment under adversarial attacks. This paper
proposes an adversarial attack model with two novel attack techniques to perturb the KG structure and degrade the quality of deep cross-lingual entity alignment. First, an entity density maximization method is employed to hide the attacked entities in dense regions in two KGs, such that the derived perturbations are unnoticeable. Second, an attack signal amplification method is developed to reduce the gradient vanishing issues in the process of adversarial attacks for further improving the attack effectiveness.
In this work, we study the task of classifying legal texts written in the Greek language. We introduce and make publicly available a novel dataset based on Greek legislation, consisting of more than 47 thousand official, categorized Greek legislation
resources. We experiment with this dataset and evaluate a battery of advanced methods and classifiers, ranging from traditional machine learning and RNN-based methods to state-of-the-art Transformer-based methods. We show that recurrent architectures with domain-specific word embeddings offer improved overall performance while being competitive even to transformer-based models. Finally, we show that cutting-edge multilingual and monolingual transformer-based models brawl on the top of the classifiers' ranking, making us question the necessity of training monolingual transfer learning models as a rule of thumb. To the best of our knowledge, this is the first time the task of Greek legal text classification is considered in an open research project, while also Greek is a language with very limited NLP resources in general.
In question generation, the question produced has to be well-formed and meaningfully related to the answer serving as input. Neural generation methods have predominantly leveraged the distributional semantics of words as representations of meaning an
d generated questions one word at a time. In this paper, we explore the viability of form-based and more fine-grained encodings, such as character or subword representations for question generation. We start from the typical seq2seq architecture using word embeddings presented by De Kuthy et al. (2020), who generate questions from text so that the answer given in the input text matches not just in meaning but also in form, satisfying question-answer congruence. We show that models trained on character and subword representations substantially outperform the published results based on word embeddings, and they do so with fewer parameters. Our approach eliminates two important problems of the word-based approach: the encoding of rare or out-of-vocabulary words and the incorrect replacement of words with semantically-related ones. The character-based model substantially improves on the published results, both in terms of BLEU scores and regarding the quality of the generated question. Going beyond the specific task, this result adds to the evidence weighing different form- and meaning-based representations for natural language processing tasks.
suggested questions
Log in to be able to interact and post comments
comments
Fetching comments
Sign in to be able to follow your search criteria
