References & Citations
Computer Science > Computation and Language
Title: Elephant in the Room: An Evaluation Framework for Assessing Adversarial Examples in NLP
(Submitted on 22 Jan 2020 (v1), last revised 1 Jun 2020 (this version, v3))
Abstract: An adversarial example is an input transformed by small perturbations that machine learning models consistently misclassify. While there are a number of methods proposed to generate adversarial examples for text data, it is not trivial to assess the quality of these adversarial examples, as minor perturbations (such as changing a word in a sentence) can lead to a significant shift in their meaning, readability and classification label. In this paper, we propose an evaluation framework consisting of a set of automatic evaluation metrics and human evaluation guidelines, to rigorously assess the quality of adversarial examples based on the aforementioned properties. We experiment with six benchmark attacking methods and found that some methods generate adversarial examples with poor readability and content preservation. We also learned that multiple factors could influence the attacking performance, such as the length of the text inputs and architecture of the classifiers.
Submission history
From: Ying Xu [view email][v1] Wed, 22 Jan 2020 00:05:45 GMT (220kb,D)
[v2] Fri, 10 Apr 2020 06:09:37 GMT (87kb,D)
[v3] Mon, 1 Jun 2020 04:16:43 GMT (81kb,D)
Link back to: arXiv, form interface, contact.