Subscribe to the gold package and get unlimited access to Shamra Academy
Register a new userModel Extraction and Adversarial Transferability, Your BERT is Vulnerable!
استخراج النموذج والتحويل الخصم، بيرت الخاص بك عرضة للخطر!
140
0 0
0.0
(
0
)
Created by
Shamra Editor
Ask ChatGPT about the research
تم إثبات مهام معالجة اللغة الطبيعية (NLP)، بدءا من تصنيف النص إلى جيل النص، من خلال نماذج اللغة المحددة مسبقا، مثل بيرت. هذا يسمح للشركات بإنشاء برامج برت أقوى بسهولة عن طريق تثبيت نماذج Berted Brounded لمهام المصب. ومع ذلك، عندما يتم نشر نموذج Berted Berted كخدمة، فقد يعاني من هجمات مختلفة تم إطلاقها من قبل المستخدمين الضارين. في هذا العمل، نقدم أولا كيف يمكن أن يسرق الخصم خدمة API القائمة على BERT (النموذج الضحية / الهدف) على مجموعات بيانات معطرة متعددة ذات معرفة مسبقة محدودة واستفسارات. نوضح كذلك أن النموذج المستخرج يمكن أن يؤدي إلى هجمات خصومة قابلة للتحويل شديدة ضد نموذج الضحية. تشير دراساتنا إلى أن نقاط الضعف المحتملة لخدمات API القائمة على بيرت لا تزال تعقد، حتى عندما يكون هناك عدم تطابق معماري بين نموذج الضحية ونموذج الهجوم. أخيرا، نبحث في استراتيجيات دفاعتين لحماية نموذج الضحية، وإيجاد أنه ما لم يتم التضحية بأداء نموذج الضحايا، فإن كلا من استخراج النماذج والانتفاخ الخصوم يمكن أن تساوم على نحو فعال النماذج المستهدفة.
Natural language processing (NLP) tasks, ranging from text classification to text generation, have been revolutionised by the pretrained language models, such as BERT. This allows corporations to easily build powerful APIs by encapsulating fine-tuned BERT models for downstream tasks. However, when a fine-tuned BERT model is deployed as a service, it may suffer from different attacks launched by the malicious users. In this work, we first present how an adversary can steal a BERT-based API service (the victim/target model) on multiple benchmark datasets with limited prior knowledge and queries. We further show that the extracted model can lead to highly transferable adversarial attacks against the victim model. Our studies indicate that the potential vulnerabilities of BERT-based API services still hold, even when there is an architectural mismatch between the victim model and the attack model. Finally, we investigate two defence strategies to protect the victim model, and find that unless the performance of the victim model is sacrificed, both model extraction and adversarial transferability can effectively compromise the target models.
References used
https://aclanthology.org/
rate research
Read More
To be good conversational partners, natural language processing (NLP) systems should be trained to produce contextually useful utterances. Prior work has investigated training NLP systems with communication-based objectives, where a neural listener s
tands in as a communication partner. However, these systems commonly suffer from semantic drift where the learned language diverges radically from natural language. We propose a method that uses a population of neural listeners to regularize speaker training. We first show that language drift originates from the poor uncertainty calibration of a neural listener, which makes high-certainty predictions on novel sentences. We explore ensemble- and dropout-based populations of listeners and find that the former results in better uncertainty quantification. We evaluate both population-based objectives on reference games, and show that the ensemble method with better calibration enables the speaker to generate pragmatic utterances while scaling to a large vocabulary and generalizing to new games and listeners.
This paper investigates whether the power of the models pre-trained on text data, such as BERT, can be transferred to general token sequence classification applications. To verify pre-trained models' transferability, we test the pre-trained models on
text classification tasks with meanings of tokens mismatches, and real-world non-text token sequence classification data, including amino acid, DNA, and music. We find that even on non-text data, the models pre-trained on text converge faster, perform better than the randomly initialized models, and only slightly worse than the models using task-specific knowledge. We also find that the representations of the text and non-text pre-trained models share non-trivial similarities.
Manipulation-relevant common-sense knowledge is crucial to support action-planning for complex tasks. In particular, instrumentality information of what can be done with certain tools can be used to limit the search space which is growing exponential
ly with the number of viable options. Typical sources for such knowledge, structured common-sense knowledge bases such as ConceptNet or WebChild, provide a limited amount of information which also varies drastically across different domains. Considering the recent success of pre-trained language models such as BERT, we investigate whether common-sense information can directly be extracted from semi-structured text with an acceptable annotation effort. Concretely, we compare the common-sense relations obtained from ConceptNet versus those extracted with BERT from large recipe databases. In this context, we propose a scoring function, based on the WordNet taxonomy to match specific terms to more general ones, enabling a rich evaluation against a set of ground-truth relations.
This paper describes the winning system in the End-to-end Pipeline phase for the NLPContributionGraph task. The system is composed of three BERT-based models and the three models are used to extract sentences, entities and triples respectively. Exper
iments show that sampling and adversarial training can greatly boost the system. In End-to-end Pipeline phase, our system got an average F1 of 0.4703, significantly higher than the second-placed system which got an average F1 of 0.3828.
A core task in information extraction is event detection that identifies event triggers in sentences that are typically classified into event types. In this study an event is considered as the unit to measure diversity and similarity in news articles
in the framework of a news recommendation system. Current typology-based event detection approaches fail to handle the variety of events expressed in real-world situations. To overcome this, we aim to perform event salience classification and explore whether a transformer model is capable of classifying new information into less and more general prominence classes. After comparing a Support Vector Machine (SVM) baseline and our transformer-based classifier performances on several event span formats, we conceived multi-word event spans as syntactic clauses. Those are fed into our prominence classifier which is fine-tuned on pre-trained Dutch BERT word embeddings. On top of that we outperform a pipeline of a Conditional Random Field (CRF) approach to event-trigger word detection and the BERT-based classifier. To the best of our knowledge we present the first event extraction approach that combines an expert-based syntactic parser with a transformer-based classifier for Dutch.
suggested questions
Log in to be able to interact and post comments
comments
Fetching comments
Sign in to be able to follow your search criteria
