Semantic-Preserving Adversarial Example Attack against BERT

Chongyang Gao; Kang Gu; Soroush Vosoughi; Shagufta Mehnaz

doi:10.18653/v1/2024.trustnlp-1.17

Semantic-Preserving Adversarial Example Attack against BERT

Chongyang Gao, Kang Gu, Soroush Vosoughi, Shagufta Mehnaz

Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

Adversarial example attacks against textual data have been drawing increasing attention in both the natural language processing (NLP) and security domains. However, most of the existing attacks overlook the importance of semantic similarity and yield easily recognizable adversarial samples. As a result, the defense methods developed in response to these attacks remain vulnerable and could be evaded by advanced adversarial examples that maintain high semantic similarity with the original, non-adversarial text. Hence, this paper aims to investigate the extent of textual adversarial examples in maintaining such high semantic similarity. We propose Reinforce attack, a reinforcement learning-based framework to generate adversarial text that preserves high semantic similarity with the original text. In particular, the attack process is controlled by a reward function rather than heuristics, as in previous methods, to encourage higher semantic similarity and lower query costs. Through automatic and human evaluations, we show that our generated adversarial texts preserve significantly higher semantic similarity than state-of-the-art attacks while achieving similar attack success rates (outperforming at times), thus uncovering novel challenges for effective defenses.

Original language	English (US)
Title of host publication	TrustNLP 2024 - 4th Workshop on Trustworthy Natural Language Processing, Proceedings of the Workshop
Editors	Anaelia Ovalle, Kai-Wei Chang, Yang Trista Cao, Ninareh Mehrabi, Jieyu Zhao, Aram Galstyan, Jwala Dhamala, Anoop Kumar, Rahul Gupta
Publisher	Association for Computational Linguistics (ACL)
Pages	202-207
Number of pages	6
ISBN (Electronic)	9798891761131
DOIs	https://doi.org/10.18653/v1/2024.trustnlp-1.17
State	Published - 2024
Event	4th Workshop on Trustworthy Natural Language Processing, TrustNLP 2024 - Mexico City, Mexico Duration: Jun 21 2024 → …

Publication series

Name	TrustNLP 2024 - 4th Workshop on Trustworthy Natural Language Processing, Proceedings of the Workshop

Conference

Conference	4th Workshop on Trustworthy Natural Language Processing, TrustNLP 2024
Country/Territory	Mexico
City	Mexico City
Period	6/21/24 → …

All Science Journal Classification (ASJC) codes

Language and Linguistics
Computational Theory and Mathematics
Software
Linguistics and Language

Access to Document

10.18653/v1/2024.trustnlp-1.17

Cite this

Gao, C., Gu, K., Vosoughi, S., & Mehnaz, S. (2024). Semantic-Preserving Adversarial Example Attack against BERT. In A. Ovalle, K.-W. Chang, Y. T. Cao, N. Mehrabi, J. Zhao, A. Galstyan, J. Dhamala, A. Kumar, & R. Gupta (Eds.), TrustNLP 2024 - 4th Workshop on Trustworthy Natural Language Processing, Proceedings of the Workshop (pp. 202-207). (TrustNLP 2024 - 4th Workshop on Trustworthy Natural Language Processing, Proceedings of the Workshop). Association for Computational Linguistics (ACL). https://doi.org/10.18653/v1/2024.trustnlp-1.17

Gao, Chongyang ; Gu, Kang ; Vosoughi, Soroush et al. / Semantic-Preserving Adversarial Example Attack against BERT. TrustNLP 2024 - 4th Workshop on Trustworthy Natural Language Processing, Proceedings of the Workshop. editor / Anaelia Ovalle ; Kai-Wei Chang ; Yang Trista Cao ; Ninareh Mehrabi ; Jieyu Zhao ; Aram Galstyan ; Jwala Dhamala ; Anoop Kumar ; Rahul Gupta. Association for Computational Linguistics (ACL), 2024. pp. 202-207 (TrustNLP 2024 - 4th Workshop on Trustworthy Natural Language Processing, Proceedings of the Workshop).

@inproceedings{ce394c8a2b8f4c59989cc1c6b294610b,

title = "Semantic-Preserving Adversarial Example Attack against BERT",

abstract = "Adversarial example attacks against textual data have been drawing increasing attention in both the natural language processing (NLP) and security domains. However, most of the existing attacks overlook the importance of semantic similarity and yield easily recognizable adversarial samples. As a result, the defense methods developed in response to these attacks remain vulnerable and could be evaded by advanced adversarial examples that maintain high semantic similarity with the original, non-adversarial text. Hence, this paper aims to investigate the extent of textual adversarial examples in maintaining such high semantic similarity. We propose Reinforce attack, a reinforcement learning-based framework to generate adversarial text that preserves high semantic similarity with the original text. In particular, the attack process is controlled by a reward function rather than heuristics, as in previous methods, to encourage higher semantic similarity and lower query costs. Through automatic and human evaluations, we show that our generated adversarial texts preserve significantly higher semantic similarity than state-of-the-art attacks while achieving similar attack success rates (outperforming at times), thus uncovering novel challenges for effective defenses.",

author = "Chongyang Gao and Kang Gu and Soroush Vosoughi and Shagufta Mehnaz",

note = "Publisher Copyright: {\textcopyright} 2024 Association for Computational Linguistics.; 4th Workshop on Trustworthy Natural Language Processing, TrustNLP 2024 ; Conference date: 21-06-2024",

year = "2024",

doi = "10.18653/v1/2024.trustnlp-1.17",

language = "English (US)",

series = "TrustNLP 2024 - 4th Workshop on Trustworthy Natural Language Processing, Proceedings of the Workshop",

publisher = "Association for Computational Linguistics (ACL)",

pages = "202--207",

editor = "Anaelia Ovalle and Kai-Wei Chang and Cao, \{Yang Trista\} and Ninareh Mehrabi and Jieyu Zhao and Aram Galstyan and Jwala Dhamala and Anoop Kumar and Rahul Gupta",

booktitle = "TrustNLP 2024 - 4th Workshop on Trustworthy Natural Language Processing, Proceedings of the Workshop",

}

Gao, C, Gu, K, Vosoughi, S & Mehnaz, S 2024, Semantic-Preserving Adversarial Example Attack against BERT. in A Ovalle, K-W Chang, YT Cao, N Mehrabi, J Zhao, A Galstyan, J Dhamala, A Kumar & R Gupta (eds), TrustNLP 2024 - 4th Workshop on Trustworthy Natural Language Processing, Proceedings of the Workshop. TrustNLP 2024 - 4th Workshop on Trustworthy Natural Language Processing, Proceedings of the Workshop, Association for Computational Linguistics (ACL), pp. 202-207, 4th Workshop on Trustworthy Natural Language Processing, TrustNLP 2024, Mexico City, Mexico, 6/21/24. https://doi.org/10.18653/v1/2024.trustnlp-1.17

Semantic-Preserving Adversarial Example Attack against BERT. / Gao, Chongyang; Gu, Kang; Vosoughi, Soroush et al.
TrustNLP 2024 - 4th Workshop on Trustworthy Natural Language Processing, Proceedings of the Workshop. ed. / Anaelia Ovalle; Kai-Wei Chang; Yang Trista Cao; Ninareh Mehrabi; Jieyu Zhao; Aram Galstyan; Jwala Dhamala; Anoop Kumar; Rahul Gupta. Association for Computational Linguistics (ACL), 2024. p. 202-207 (TrustNLP 2024 - 4th Workshop on Trustworthy Natural Language Processing, Proceedings of the Workshop).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Semantic-Preserving Adversarial Example Attack against BERT

AU - Gao, Chongyang

AU - Gu, Kang

AU - Vosoughi, Soroush

AU - Mehnaz, Shagufta

PY - 2024

Y1 - 2024

N2 - Adversarial example attacks against textual data have been drawing increasing attention in both the natural language processing (NLP) and security domains. However, most of the existing attacks overlook the importance of semantic similarity and yield easily recognizable adversarial samples. As a result, the defense methods developed in response to these attacks remain vulnerable and could be evaded by advanced adversarial examples that maintain high semantic similarity with the original, non-adversarial text. Hence, this paper aims to investigate the extent of textual adversarial examples in maintaining such high semantic similarity. We propose Reinforce attack, a reinforcement learning-based framework to generate adversarial text that preserves high semantic similarity with the original text. In particular, the attack process is controlled by a reward function rather than heuristics, as in previous methods, to encourage higher semantic similarity and lower query costs. Through automatic and human evaluations, we show that our generated adversarial texts preserve significantly higher semantic similarity than state-of-the-art attacks while achieving similar attack success rates (outperforming at times), thus uncovering novel challenges for effective defenses.

AB - Adversarial example attacks against textual data have been drawing increasing attention in both the natural language processing (NLP) and security domains. However, most of the existing attacks overlook the importance of semantic similarity and yield easily recognizable adversarial samples. As a result, the defense methods developed in response to these attacks remain vulnerable and could be evaded by advanced adversarial examples that maintain high semantic similarity with the original, non-adversarial text. Hence, this paper aims to investigate the extent of textual adversarial examples in maintaining such high semantic similarity. We propose Reinforce attack, a reinforcement learning-based framework to generate adversarial text that preserves high semantic similarity with the original text. In particular, the attack process is controlled by a reward function rather than heuristics, as in previous methods, to encourage higher semantic similarity and lower query costs. Through automatic and human evaluations, we show that our generated adversarial texts preserve significantly higher semantic similarity than state-of-the-art attacks while achieving similar attack success rates (outperforming at times), thus uncovering novel challenges for effective defenses.

UR - https://www.scopus.com/pages/publications/105000823688

UR - https://www.scopus.com/inward/citedby.url?scp=105000823688&partnerID=8YFLogxK

U2 - 10.18653/v1/2024.trustnlp-1.17

DO - 10.18653/v1/2024.trustnlp-1.17

M3 - Conference contribution

AN - SCOPUS:105000823688

T3 - TrustNLP 2024 - 4th Workshop on Trustworthy Natural Language Processing, Proceedings of the Workshop

SP - 202

EP - 207

BT - TrustNLP 2024 - 4th Workshop on Trustworthy Natural Language Processing, Proceedings of the Workshop

A2 - Ovalle, Anaelia

A2 - Chang, Kai-Wei

A2 - Cao, Yang Trista

A2 - Mehrabi, Ninareh

A2 - Zhao, Jieyu

A2 - Galstyan, Aram

A2 - Dhamala, Jwala

A2 - Kumar, Anoop

A2 - Gupta, Rahul

PB - Association for Computational Linguistics (ACL)

T2 - 4th Workshop on Trustworthy Natural Language Processing, TrustNLP 2024

Y2 - 21 June 2024

ER -

Gao C, Gu K, Vosoughi S, Mehnaz S. Semantic-Preserving Adversarial Example Attack against BERT. In Ovalle A, Chang KW, Cao YT, Mehrabi N, Zhao J, Galstyan A, Dhamala J, Kumar A, Gupta R, editors, TrustNLP 2024 - 4th Workshop on Trustworthy Natural Language Processing, Proceedings of the Workshop. Association for Computational Linguistics (ACL). 2024. p. 202-207. (TrustNLP 2024 - 4th Workshop on Trustworthy Natural Language Processing, Proceedings of the Workshop). doi: 10.18653/v1/2024.trustnlp-1.17

Semantic-Preserving Adversarial Example Attack against BERT

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this