Affiliation:
1. University of Technology Sydney, NSW, Australia
2. CSIRO’s Data61, Sydney, NSW, Australia
Abstract
Many adversarial attacks target natural language processing systems, most of which succeed through modifying the individual tokens of a document. Despite the apparent uniqueness of each of these attacks, fundamentally they are simply a distinct configuration of four components: a goal function, allowable transformations, a search method, and constraints. In this survey, we systematically present the different components used throughout the literature, using an attack-independent framework which allows for easy comparison and categorisation of components. Our work aims to serve as a comprehensive guide for newcomers to the field and to spark targeted research into refining the individual attack components.
Reference94 articles.
1. Improving the Reliability of Deep Neural Networks in NLP: A Review
2. Generating Natural Language Adversarial Examples
3. Y. Belinkov and Y. Bisk, Synthetic and natural noise both break neural machine translation, in: 6th International Conference on Learning Representations, {ICLR} 2018, Vancouver, BC, Canada, April 30–May 3, 2018, Conference Track Proceedings, OpenReview.net, 2018. https://openreview.net/forum?id=BJ8vJebC.
4. Don’t Search for a Search Method — Simple Heuristics Suffice for Adversarial Text Attacks
5. Bad Characters: Imperceptible NLP Attacks
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献