Abstract
Universal adversarial texts (UATs) refer to short pieces of text units that can largely affect the predictions of NLP models. Recent studies on universal adversarial attacks assume the accessibility of datasets for the task, which is not realistic. We propose two types of Data-Free Adjusted Gradient (DFAG) attacks to show that it is possible to generate effective UATs with only one arbitrary example which could be manually crafted. Based on the proposed DFAG attacks, this paper explores the vulnerability of commonly used NLP models in terms of two factors: network architectures and pre-trained embeddings. Our empirical studies on three text classification datasets reveal that: 1) CNN based models are more extremely vulnerable to UATs while self-attention models show the most robustness, 2) the vulnerability of CNN and LSTM models and robustness of self-attention models could be attributed to whether they rely on training data artifacts for their predictions, and 3) the pre-trained embeddings could expose vulnerability to both universal adversarial attack and the UAT transfer attack.- Anthology ID:
- 2021.alta-1.14
- Volume:
- Proceedings of the 19th Annual Workshop of the Australasian Language Technology Association
- Month:
- December
- Year:
- 2021
- Address:
- Online
- Editors:
- Afshin Rahimi, William Lane, Guido Zuccon
- Venue:
- ALTA
- SIG:
- Publisher:
- Australasian Language Technology Association
- Note:
- Pages:
- 138–148
- Language:
- URL:
- https://preview.aclanthology.org/build-pipeline-with-new-library/2021.alta-1.14/
- DOI:
- Cite (ACL):
- Xinzhe Li, Ming Liu, Xingjun Ma, and Longxiang Gao. 2021. Exploring the Vulnerability of Natural Language Processing Models via Universal Adversarial Texts. In Proceedings of the 19th Annual Workshop of the Australasian Language Technology Association, pages 138–148, Online. Australasian Language Technology Association.
- Cite (Informal):
- Exploring the Vulnerability of Natural Language Processing Models via Universal Adversarial Texts (Li et al., ALTA 2021)
- PDF:
- https://preview.aclanthology.org/build-pipeline-with-new-library/2021.alta-1.14.pdf
- Code
- xinzhel/attack_alta
- Data
- AG News, SST, SST-2