Certified Robustness to Text Adversarial Attacks by Randomized [MASK]
Recently, few certified defense methods have been developed to provably guarantee the robustness of a text classifier to adversarial synonym substitutions. However, all existing certified defense methods assume that the defenders are informed of how the adversaries generate synonyms, which is not a...
Main authors: | Zeng, Jiehang ; Zheng, Xiaoqing ; Xu, Jianhan ; Li, Linyang ; Yuan, Liping ; Huang, Xuanjing |
---|---|
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Order full text |
container_end_page | |
---|---|
container_issue | |
container_start_page | |
container_title | |
container_volume | |
creator | Zeng, Jiehang ; Zheng, Xiaoqing ; Xu, Jianhan ; Li, Linyang ; Yuan, Liping ; Huang, Xuanjing |
description | Recently, few certified defense methods have been developed to provably
guarantee the robustness of a text classifier to adversarial synonym
substitutions. However, all existing certified defense methods assume that the
defenders are informed of how the adversaries generate synonyms, which is not a
realistic scenario. In this paper, we propose a certifiably robust defense
method by randomly masking a certain proportion of the words in an input text,
in which the above unrealistic assumption is no longer necessary. The proposed
method can defend against not only word substitution-based attacks, but also
character-level perturbations. We can certify the classifications of over 50%
texts to be robust to any perturbation of 5 words on AGNEWS, and 2 words on
SST2 dataset. The experimental results show that our randomized smoothing
method significantly outperforms recently proposed defense methods across
multiple datasets. |
doi_str_mv | 10.48550/arxiv.2105.03743 |
format | Article |
fulltext | fulltext_linktorsrc |
identifier | DOI: 10.48550/arxiv.2105.03743 |
ispartof | |
issn | |
language | eng |
recordid | cdi_arxiv_primary_2105_03743 |
source | arXiv.org |
subjects | Computer Science - Computation and Language |
title | Certified Robustness to Text Adversarial Attacks by Randomized [MASK] |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-22T17%3A19%3A26IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Certified%20Robustness%20to%20Text%20Adversarial%20Attacks%20by%20Randomized%20%5BMASK%5D&rft.au=Zeng,%20Jiehang&rft.date=2021-05-08&rft_id=info:doi/10.48550/arxiv.2105.03743&rft_dat=%3Carxiv_GOX%3E2105_03743%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |