We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.LG

Change to browse by:

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Machine Learning

Title: On the Transferability of Adversarial Attacksagainst Neural Text Classifier

Abstract: Deep neural networks are vulnerable to adversarial attacks, where a small perturbation to an input alters the model prediction. In many cases, malicious inputs intentionally crafted for one model can fool another model. In this paper, we present the first study to systematically investigate the transferability of adversarial examples for text classification models and explore how various factors, including network architecture, tokenization scheme, word embedding, and model capacity, affect the transferability of adversarial examples. Based on these studies, we propose a genetic algorithm to find an ensemble of models that can be used to induce adversarial examples to fool almost all existing models. Such adversarial examples reflect the defects of the learning process and the data bias in the training set. Finally, we derive word replacement rules that can be used for model diagnostics from these adversarial examples.
Subjects: Machine Learning (cs.LG); Computation and Language (cs.CL)
Cite as: arXiv:2011.08558 [cs.LG]
  (or arXiv:2011.08558v3 [cs.LG] for this version)

Submission history

From: Liping Yuan [view email]
[v1] Tue, 17 Nov 2020 10:45:05 GMT (1188kb,D)
[v2] Wed, 18 Nov 2020 02:05:43 GMT (1188kb,D)
[v3] Wed, 22 Sep 2021 02:35:08 GMT (831kb,D)

Link back to: arXiv, form interface, contact.