Current browse context:
cs.LG
Change to browse by:
References & Citations
Computer Science > Machine Learning
Title: Certified Robustness Against Natural Language Attacks by Causal Intervention
(Submitted on 24 May 2022 (v1), last revised 14 Oct 2022 (this version, v3))
Abstract: Deep learning models have achieved great success in many fields, yet they are vulnerable to adversarial examples. This paper follows a causal perspective to look into the adversarial vulnerability and proposes Causal Intervention by Semantic Smoothing (CISS), a novel framework towards robustness against natural language attacks. Instead of merely fitting observational data, CISS learns causal effects p(y|do(x)) by smoothing in the latent semantic space to make robust predictions, which scales to deep architectures and avoids tedious construction of noise customized for specific attacks. CISS is provably robust against word substitution attacks, as well as empirically robust even when perturbations are strengthened by unknown attack algorithms. For example, on YELP, CISS surpasses the runner-up by 6.7% in terms of certified robustness against word substitutions, and achieves 79.4% empirical robustness when syntactic attacks are integrated.
Submission history
From: Haiteng Zhao [view email][v1] Tue, 24 May 2022 19:20:48 GMT (1308kb,D)
[v2] Thu, 26 May 2022 09:30:53 GMT (1308kb,D)
[v3] Fri, 14 Oct 2022 18:47:53 GMT (1795kb,D)
Link back to: arXiv, form interface, contact.