Generating Natural Language Attacks in a Hard Label Black Box Setting
Rishabh MaheshwarySaket MaheshwaryVikram Pudi
Abstract
We study an important and challenging task of attacking natural language processing models in a hard label black box setting. We propose a decision-based attack strategy that crafts high quality adversarial examples on text classification and entailment tasks. Our proposed attack strategy leverages population-based optimization algorithm to craft plausible and semantically similar adversarial examples by observing only the top label predicted by the target model. At each iteration, the optimization procedure allow word replacements that maximizes the overall semantic similarity between the original and the adversarial text. Further, our approach does not rely on using substitute models or any kind of training data. We demonstrate the efficacy of our proposed approach through extensive experimentation and ablation studies on five state-of-the-art target models across seven benchmark datasets. In comparison to attacks proposed in prior literature, we are able to achieve a higher success rate with lower word perturbation percentage that too in a highly restricted setting.
Metrics
Citation History
Topics
Related Documents
Generating Natural Language Attacks in a Hard Label Black Box Setting
Rishabh MaheshwarySaket MaheshwaryVikram Pudi
Textual Adversarial Attacks on Named Entity Recognition in a Hard Label Black Box Setting
Miaomiao LiJie YuShasha LiJun MaHuijun Liu
VIWHard: Text adversarial attacks based on important-word discriminator in the hard-label black-box setting
Hua ZhangJiahui WangHaoran GaoXin ZhangHuawei WangWenmin Li
Automatic Selection Attacks Framework for Hard Label Black-Box Models
Xiaolei LiuXiaoyu LiDesheng ZhengJiayu BaiYu PengShibin Zhang
Hard-Label Black-Box Adversarial Attacks for Implicit Scene Interactions
Muxue LiangChuan WangSiyuan LiangAishan LiuYanan CaoQingyong LiZeming LiuLiang YangXiaochun Cao