Universal Adversarial Attacks with Natural Triggers for Text Classification

Liwei Song; Xinwei Yu; Hsuan Tung Peng; Karthik Narasimhan

Universal Adversarial Attacks with Natural Triggers for Text Classification

Liwei Song, Xinwei Yu, Hsuan Tung Peng, Karthik Narasimhan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Recent work has demonstrated the vulnerability of modern text classifiers to universal adversarial attacks, which are input-agnostic sequences of words added to text processed by classifiers. Despite being successful, the word sequences produced in such attacks are often ungrammatical and can be easily distinguished from natural text. We develop adversarial attacks that appear closer to natural English phrases and yet confuse classification systems when added to benign inputs. We leverage an adversarially regularized autoencoder (ARAE) (Zhao et al., 2018a) to generate triggers and propose a gradient-based search that aims to maximize the downstream classifier’s prediction loss. Our attacks effectively reduce model accuracy on classification tasks while being less identifiable than prior models as per automatic detection metrics and human-subject studies. Our aim is to demonstrate that adversarial attacks can be made harder to detect than previously thought and to enable the development of appropriate defenses.

Original language	English (US)
Title of host publication	NAACL-HLT 2021 - 2021 Conference of the North American Chapter of the Association for Computational Linguistics
Subtitle of host publication	Human Language Technologies, Proceedings of the Conference
Publisher	Association for Computational Linguistics (ACL)
Pages	3724-3733
Number of pages	10
ISBN (Electronic)	9781954085466
State	Published - 2021
Event	2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, NAACL-HLT 2021 - Virtual, Online Duration: Jun 6 2021 → Jun 11 2021

Publication series

Name	NAACL-HLT 2021 - 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Proceedings of the Conference

Conference

Conference	2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, NAACL-HLT 2021
City	Virtual, Online
Period	6/6/21 → 6/11/21

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Hardware and Architecture
Information Systems
Software

Cite this

Song, L., Yu, X., Peng, H. T., & Narasimhan, K. (2021). Universal Adversarial Attacks with Natural Triggers for Text Classification. In NAACL-HLT 2021 - 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Proceedings of the Conference (pp. 3724-3733). (NAACL-HLT 2021 - 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Proceedings of the Conference). Association for Computational Linguistics (ACL).

Song, Liwei ; Yu, Xinwei ; Peng, Hsuan Tung et al. / Universal Adversarial Attacks with Natural Triggers for Text Classification. NAACL-HLT 2021 - 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Proceedings of the Conference. Association for Computational Linguistics (ACL), 2021. pp. 3724-3733 (NAACL-HLT 2021 - 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Proceedings of the Conference).

@inproceedings{358f21f0cbd64abc89c05607dd83385b,

title = "Universal Adversarial Attacks with Natural Triggers for Text Classification",

abstract = "Recent work has demonstrated the vulnerability of modern text classifiers to universal adversarial attacks, which are input-agnostic sequences of words added to text processed by classifiers. Despite being successful, the word sequences produced in such attacks are often ungrammatical and can be easily distinguished from natural text. We develop adversarial attacks that appear closer to natural English phrases and yet confuse classification systems when added to benign inputs. We leverage an adversarially regularized autoencoder (ARAE) (Zhao et al., 2018a) to generate triggers and propose a gradient-based search that aims to maximize the downstream classifier{\textquoteright}s prediction loss. Our attacks effectively reduce model accuracy on classification tasks while being less identifiable than prior models as per automatic detection metrics and human-subject studies. Our aim is to demonstrate that adversarial attacks can be made harder to detect than previously thought and to enable the development of appropriate defenses.",

author = "Liwei Song and Xinwei Yu and Peng, {Hsuan Tung} and Karthik Narasimhan",

note = "Publisher Copyright: {\textcopyright} 2021 Association for Computational Linguistics.; 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, NAACL-HLT 2021 ; Conference date: 06-06-2021 Through 11-06-2021",

year = "2021",

language = "English (US)",

series = "NAACL-HLT 2021 - 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Proceedings of the Conference",

publisher = "Association for Computational Linguistics (ACL)",

pages = "3724--3733",

booktitle = "NAACL-HLT 2021 - 2021 Conference of the North American Chapter of the Association for Computational Linguistics",

}

Song, L, Yu, X, Peng, HT & Narasimhan, K 2021, Universal Adversarial Attacks with Natural Triggers for Text Classification. in NAACL-HLT 2021 - 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Proceedings of the Conference. NAACL-HLT 2021 - 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Proceedings of the Conference, Association for Computational Linguistics (ACL), pp. 3724-3733, 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, NAACL-HLT 2021, Virtual, Online, 6/6/21.

Universal Adversarial Attacks with Natural Triggers for Text Classification. / Song, Liwei; Yu, Xinwei; Peng, Hsuan Tung et al.
NAACL-HLT 2021 - 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Proceedings of the Conference. Association for Computational Linguistics (ACL), 2021. p. 3724-3733 (NAACL-HLT 2021 - 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Proceedings of the Conference).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Universal Adversarial Attacks with Natural Triggers for Text Classification

AU - Song, Liwei

AU - Yu, Xinwei

AU - Peng, Hsuan Tung

AU - Narasimhan, Karthik

PY - 2021

Y1 - 2021

N2 - Recent work has demonstrated the vulnerability of modern text classifiers to universal adversarial attacks, which are input-agnostic sequences of words added to text processed by classifiers. Despite being successful, the word sequences produced in such attacks are often ungrammatical and can be easily distinguished from natural text. We develop adversarial attacks that appear closer to natural English phrases and yet confuse classification systems when added to benign inputs. We leverage an adversarially regularized autoencoder (ARAE) (Zhao et al., 2018a) to generate triggers and propose a gradient-based search that aims to maximize the downstream classifier’s prediction loss. Our attacks effectively reduce model accuracy on classification tasks while being less identifiable than prior models as per automatic detection metrics and human-subject studies. Our aim is to demonstrate that adversarial attacks can be made harder to detect than previously thought and to enable the development of appropriate defenses.

AB - Recent work has demonstrated the vulnerability of modern text classifiers to universal adversarial attacks, which are input-agnostic sequences of words added to text processed by classifiers. Despite being successful, the word sequences produced in such attacks are often ungrammatical and can be easily distinguished from natural text. We develop adversarial attacks that appear closer to natural English phrases and yet confuse classification systems when added to benign inputs. We leverage an adversarially regularized autoencoder (ARAE) (Zhao et al., 2018a) to generate triggers and propose a gradient-based search that aims to maximize the downstream classifier’s prediction loss. Our attacks effectively reduce model accuracy on classification tasks while being less identifiable than prior models as per automatic detection metrics and human-subject studies. Our aim is to demonstrate that adversarial attacks can be made harder to detect than previously thought and to enable the development of appropriate defenses.

UR - http://www.scopus.com/inward/record.url?scp=85137728663&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85137728663&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85137728663

T3 - NAACL-HLT 2021 - 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Proceedings of the Conference

SP - 3724

EP - 3733

BT - NAACL-HLT 2021 - 2021 Conference of the North American Chapter of the Association for Computational Linguistics

PB - Association for Computational Linguistics (ACL)

T2 - 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, NAACL-HLT 2021

Y2 - 6 June 2021 through 11 June 2021

ER -

Song L, Yu X, Peng HT, Narasimhan K. Universal Adversarial Attacks with Natural Triggers for Text Classification. In NAACL-HLT 2021 - 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Proceedings of the Conference. Association for Computational Linguistics (ACL). 2021. p. 3724-3733. (NAACL-HLT 2021 - 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Proceedings of the Conference).

Universal Adversarial Attacks with Natural Triggers for Text Classification

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Other files and links

Fingerprint

Cite this