نقترح أول هجوم مقاوم للتدرج على المستوى العام على نماذج المحولات.بدلا من البحث عن مثال خصم واحد، نبحث عن توزيع الأمثلة الخصومة المعلمة بواسطة مصفوفة مستمرة قيمة، وبالتالي تمكين التحسين المستندة إلى التدرج.إننا نوضح تجريبيا أن هجومنا الأبيض الخاص بنا يصل إلى أداء الهجوم الحديثة في مجموعة متنوعة من المهام اللغوية الطبيعية، مما يتفوق على العمل السابق من حيث معدل النجاح العديي مع مطابقة غير محسنة حسب التقييم الآلي والبشري.علاوة على ذلك، نظير على أن هجوم قوي عبر الصندوق الأسود، تم تمكينه بواسطة أخذ العينات من التوزيع العديزي أو يطابق أو يتجاوز الطرق الحالية، في حين يتطلب فقط مخرجات التسمية الصعبة.
We propose the first general-purpose gradient-based adversarial attack against transformer models. Instead of searching for a single adversarial example, we search for a distribution of adversarial examples parameterized by a continuous-valued matrix, hence enabling gradient-based optimization. We empirically demonstrate that our white-box attack attains state-of-the-art attack performance on a variety of natural language tasks, outperforming prior work in terms of adversarial success rate with matching imperceptibility as per automated and human evaluation. Furthermore, we show that a powerful black-box transfer attack, enabled by sampling from the adversarial distribution, matches or exceeds existing methods, while only requiring hard-label outputs.
References used
https://aclanthology.org/
Deep neural networks are vulnerable to adversarial attacks, where a small perturbation to an input alters the model prediction. In many cases, malicious inputs intentionally crafted for one model can fool another model. In this paper, we present the
Neural abstractive summarization systems have gained significant progress in recent years. However, abstractive summarization often produce inconsisitent statements or false facts. How to automatically generate highly abstract yet factually correct s
Written language carries explicit and implicit biases that can distract from meaningful signals. For example, letters of reference may describe male and female candidates differently, or their writing style may indirectly reveal demographic character
Deep learning is at the heart of the current rise of artificial intelligence. In the field of Computer Vision, it has become the workhorse for applications ranging from self-driving cars to surveillance and security. Whereas deep neural networks have
Recent work has demonstrated the vulnerability of modern text classifiers to universal adversarial attacks, which are input-agnostic sequences of words added to text processed by classifiers. Despite being successful, the word sequences produced in s