We introduce a grey-box adversarial attack and defence framework for sentiment classification. We address the issues of differentiability, label preservation and input reconstruction for adversarial attack and defence in one unified framework. Our results show that once trained, the attacking model is capable of generating high-quality adversarial examples substantially faster (one order of magnitude less in time) than state-of-the-art attacking methods. These examples also preserve the original sentiment according to human evaluation. Additionally, our framework produces an improved classifier that is robust in defending against multiple adversarial attacking methods. Code is available at: https://github.com/ibm-aur-nlp/adv-def-text-dist.