Abstract
Sentence-level attacks craft adversarial sentences that are synonymous with correctly-classified sentences but are misclassified by the text classifiers. Under the black-box setting, classifiers are only accessible through their feedback to queried inputs, which is predominately available in the form of class probabilities. Even though utilizing class probabilities results in stronger attacks, due to the challenges of using them for sentence-level attacks, existing attacks use either no feedback or only the class labels. Overcoming the challenges, we develop a novel algorithm that uses class probabilities for black-box sentence-level attacks, investigate the effectiveness of using class probabilities on the attack’s success, and examine the question if it is worthy or practical to use class probabilities by black-box sentence-level attacks. We conduct extensive evaluations of the proposed attack comparing with the baselines across various classifiers and benchmark datasets.- Anthology ID:
- 2024.findings-eacl.107
- Volume:
- Findings of the Association for Computational Linguistics: EACL 2024
- Month:
- March
- Year:
- 2024
- Address:
- St. Julian’s, Malta
- Editors:
- Yvette Graham, Matthew Purver
- Venue:
- Findings
- SIG:
- Publisher:
- Association for Computational Linguistics
- Note:
- Pages:
- 1557–1568
- Language:
- URL:
- https://preview.aclanthology.org/build-pipeline-with-new-library/2024.findings-eacl.107/
- DOI:
- Cite (ACL):
- Raha Moraffah and Huan Liu. 2024. Exploiting Class Probabilities for Black-box Sentence-level Attacks. In Findings of the Association for Computational Linguistics: EACL 2024, pages 1557–1568, St. Julian’s, Malta. Association for Computational Linguistics.
- Cite (Informal):
- Exploiting Class Probabilities for Black-box Sentence-level Attacks (Moraffah & Liu, Findings 2024)
- PDF:
- https://preview.aclanthology.org/build-pipeline-with-new-library/2024.findings-eacl.107.pdf