We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs

Change to browse by:

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Computation and Language

Title: BERT is Robust! A Case Against Synonym-Based Adversarial Examples in Text Classification

Abstract: Deep Neural Networks have taken Natural Language Processing by storm. While this led to incredible improvements across many tasks, it also initiated a new research field, questioning the robustness of these neural networks by attacking them. In this paper, we investigate four word substitution-based attacks on BERT. We combine a human evaluation of individual word substitutions and a probabilistic analysis to show that between 96% and 99% of the analyzed attacks do not preserve semantics, indicating that their success is mainly based on feeding poor data to the model. To further confirm that, we introduce an efficient data augmentation procedure and show that many adversarial examples can be prevented by including data similar to the attacks during training. An additional post-processing step reduces the success rates of state-of-the-art attacks below 5%. Finally, by looking at more reasonable thresholds on constraints for word substitutions, we conclude that BERT is a lot more robust than research on attacks suggests.
Comments: 12 pages with appendix, 7 figures
Subjects: Computation and Language (cs.CL)
Cite as: arXiv:2109.07403 [cs.CL]
  (or arXiv:2109.07403v1 [cs.CL] for this version)

Submission history

From: Jens Hauser [view email]
[v1] Wed, 15 Sep 2021 16:15:16 GMT (823kb,D)

Link back to: arXiv, form interface, contact.