TEXTSHIELD: Robust text classification based on multimodal embedding and neural machine translation

Jinfeng Li; Tianyu Du; Shouling Ji; Rong Zhang; Quan Lu; Min Yang; Ting Wang

TEXTSHIELD: Robust text classification based on multimodal embedding and neural machine translation

Jinfeng Li, Tianyu Du, Shouling Ji, Rong Zhang, Quan Lu, Min Yang, Ting Wang

College of Information Sciences and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

26 Scopus citations

Abstract

Text-based toxic content detection is an important tool for reducing harmful interactions in online social media environments. Yet, its underlying mechanism, deep learning-based text classification (DLTC), is inherently vulnerable to maliciously crafted adversarial texts. To mitigate such vulnerabilities, intensive research has been conducted on strengthening English-based DLTC models. However, the existing defenses are not effective for Chinese-based DLTC models, due to the unique sparseness, diversity, and variation of the Chinese language. In this paper, we bridge this striking gap by presenting TEXTSHIELD, a new adversarial defense framework specifically designed for Chinese-based DLTC models. TEXTSHIELD differs from previous work in several key aspects: (i) generic - it applies to any Chinese-based DLTC models without requiring re-training; (ii) robust - it significantly reduces the attack success rate even under the setting of adaptive attacks; and (iii) accurate - it has little impact on the performance of DLTC models over legitimate inputs. Extensive evaluations show that it outperforms both existing methods and the industry-leading platforms. Future work will explore its applicability in broader practical tasks.

Original language	English (US)
Title of host publication	Proceedings of the 29th USENIX Security Symposium
Publisher	USENIX Association
Pages	1381-1398
Number of pages	18
ISBN (Electronic)	9781939133175
State	Published - 2020
Event	29th USENIX Security Symposium - Virtual, Online Duration: Aug 12 2020 → Aug 14 2020

Publication series

Name	Proceedings of the 29th USENIX Security Symposium

Conference

Conference	29th USENIX Security Symposium
City	Virtual, Online
Period	8/12/20 → 8/14/20

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Information Systems
Safety, Risk, Reliability and Quality

Cite this

@inproceedings{38a4932779ad4dcfb540d05fc65aa1d8,

title = "TEXTSHIELD: Robust text classification based on multimodal embedding and neural machine translation",

abstract = "Text-based toxic content detection is an important tool for reducing harmful interactions in online social media environments. Yet, its underlying mechanism, deep learning-based text classification (DLTC), is inherently vulnerable to maliciously crafted adversarial texts. To mitigate such vulnerabilities, intensive research has been conducted on strengthening English-based DLTC models. However, the existing defenses are not effective for Chinese-based DLTC models, due to the unique sparseness, diversity, and variation of the Chinese language. In this paper, we bridge this striking gap by presenting TEXTSHIELD, a new adversarial defense framework specifically designed for Chinese-based DLTC models. TEXTSHIELD differs from previous work in several key aspects: (i) generic - it applies to any Chinese-based DLTC models without requiring re-training; (ii) robust - it significantly reduces the attack success rate even under the setting of adaptive attacks; and (iii) accurate - it has little impact on the performance of DLTC models over legitimate inputs. Extensive evaluations show that it outperforms both existing methods and the industry-leading platforms. Future work will explore its applicability in broader practical tasks.",

author = "Jinfeng Li and Tianyu Du and Shouling Ji and Rong Zhang and Quan Lu and Min Yang and Ting Wang",

note = "Funding Information: We sincerely appreciate the shepherding from David Evans. We would also like to thank the anonymous reviewers for their constructive comments and input to improve our paper. This work was partly supported by the National Key Research and Development Program of China under No. 2018YFB0804102, NSFC under No. 61772466, U1936215, and U1836202, the Zhejiang Provincial Natural Science Foundation for Distinguished Young Scholars under No. LR19F020003, the Provincial Key Research and Development Program of Zhejiang, China under No. 2019C01055, the Ant Financial Research Funding, and the Alibaba-ZJU Joint Research Institute of Frontier Technologies. Ting Wang is partially supported by the National Science Foundation under Grant No. 1910546, 1953813, and 1846151. Min Yang is partially supported by NSFC under No. U1636204 and U1836213. Min Yang is also a member of Shanghai Institute of Intelligent Electronics & Systems, Shanghai Institute for Advanced Communication and Data Science. Publisher Copyright: {\textcopyright} 2020 by The USENIX Association. All Rights Reserved.; 29th USENIX Security Symposium ; Conference date: 12-08-2020 Through 14-08-2020",

year = "2020",

language = "English (US)",

series = "Proceedings of the 29th USENIX Security Symposium",

publisher = "USENIX Association",

pages = "1381--1398",

booktitle = "Proceedings of the 29th USENIX Security Symposium",

}

TEXTSHIELD: Robust text classification based on multimodal embedding and neural machine translation. / Li, Jinfeng; Du, Tianyu; Ji, Shouling et al.
Proceedings of the 29th USENIX Security Symposium. USENIX Association, 2020. p. 1381-1398 (Proceedings of the 29th USENIX Security Symposium).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - TEXTSHIELD

T2 - 29th USENIX Security Symposium

AU - Li, Jinfeng

AU - Du, Tianyu

AU - Ji, Shouling

AU - Zhang, Rong

AU - Lu, Quan

AU - Yang, Min

AU - Wang, Ting

N1 - Funding Information: We sincerely appreciate the shepherding from David Evans. We would also like to thank the anonymous reviewers for their constructive comments and input to improve our paper. This work was partly supported by the National Key Research and Development Program of China under No. 2018YFB0804102, NSFC under No. 61772466, U1936215, and U1836202, the Zhejiang Provincial Natural Science Foundation for Distinguished Young Scholars under No. LR19F020003, the Provincial Key Research and Development Program of Zhejiang, China under No. 2019C01055, the Ant Financial Research Funding, and the Alibaba-ZJU Joint Research Institute of Frontier Technologies. Ting Wang is partially supported by the National Science Foundation under Grant No. 1910546, 1953813, and 1846151. Min Yang is partially supported by NSFC under No. U1636204 and U1836213. Min Yang is also a member of Shanghai Institute of Intelligent Electronics & Systems, Shanghai Institute for Advanced Communication and Data Science. Publisher Copyright: © 2020 by The USENIX Association. All Rights Reserved.

PY - 2020

Y1 - 2020

N2 - Text-based toxic content detection is an important tool for reducing harmful interactions in online social media environments. Yet, its underlying mechanism, deep learning-based text classification (DLTC), is inherently vulnerable to maliciously crafted adversarial texts. To mitigate such vulnerabilities, intensive research has been conducted on strengthening English-based DLTC models. However, the existing defenses are not effective for Chinese-based DLTC models, due to the unique sparseness, diversity, and variation of the Chinese language. In this paper, we bridge this striking gap by presenting TEXTSHIELD, a new adversarial defense framework specifically designed for Chinese-based DLTC models. TEXTSHIELD differs from previous work in several key aspects: (i) generic - it applies to any Chinese-based DLTC models without requiring re-training; (ii) robust - it significantly reduces the attack success rate even under the setting of adaptive attacks; and (iii) accurate - it has little impact on the performance of DLTC models over legitimate inputs. Extensive evaluations show that it outperforms both existing methods and the industry-leading platforms. Future work will explore its applicability in broader practical tasks.

AB - Text-based toxic content detection is an important tool for reducing harmful interactions in online social media environments. Yet, its underlying mechanism, deep learning-based text classification (DLTC), is inherently vulnerable to maliciously crafted adversarial texts. To mitigate such vulnerabilities, intensive research has been conducted on strengthening English-based DLTC models. However, the existing defenses are not effective for Chinese-based DLTC models, due to the unique sparseness, diversity, and variation of the Chinese language. In this paper, we bridge this striking gap by presenting TEXTSHIELD, a new adversarial defense framework specifically designed for Chinese-based DLTC models. TEXTSHIELD differs from previous work in several key aspects: (i) generic - it applies to any Chinese-based DLTC models without requiring re-training; (ii) robust - it significantly reduces the attack success rate even under the setting of adaptive attacks; and (iii) accurate - it has little impact on the performance of DLTC models over legitimate inputs. Extensive evaluations show that it outperforms both existing methods and the industry-leading platforms. Future work will explore its applicability in broader practical tasks.

UR - http://www.scopus.com/inward/record.url?scp=85091922570&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85091922570&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85091922570

T3 - Proceedings of the 29th USENIX Security Symposium

SP - 1381

EP - 1398

BT - Proceedings of the 29th USENIX Security Symposium

PB - USENIX Association

Y2 - 12 August 2020 through 14 August 2020

ER -

TEXTSHIELD: Robust text classification based on multimodal embedding and neural machine translation

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Other files and links

Fingerprint

Cite this