Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
110 tokens/sec
GPT-4o
56 tokens/sec
Gemini 2.5 Pro Pro
44 tokens/sec
o3 Pro
6 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Effective and Imperceptible Adversarial Textual Attack via Multi-objectivization (2111.01528v4)

Published 2 Nov 2021 in cs.CL and cs.NE

Abstract: The field of adversarial textual attack has significantly grown over the last few years, where the commonly considered objective is to craft adversarial examples (AEs) that can successfully fool the target model. However, the imperceptibility of attacks, which is also essential for practical attackers, is often left out by previous studies. In consequence, the crafted AEs tend to have obvious structural and semantic differences from the original human-written text, making them easily perceptible. In this work, we advocate leveraging multi-objectivization to address such issue. Specifically, we reformulate the problem of crafting AEs as a multi-objective optimization problem, where the attack imperceptibility is considered as an auxiliary objective. Then, we propose a simple yet effective evolutionary algorithm, dubbed HydraText, to solve this problem. To the best of our knowledge, HydraText is currently the only approach that can be effectively applied to both score-based and decision-based attack settings. Exhaustive experiments involving 44237 instances demonstrate that HydraText consistently achieves competitive attack success rates and better attack imperceptibility than the recently proposed attack approaches. A human evaluation study also shows that the AEs crafted by HydraText are more indistinguishable from human-written text. Finally, these AEs exhibit good transferability and can bring notable robustness improvement to the target model by adversarial training.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (67)
  1. Explaining and harnessing adversarial examples. In Proceedings of the 3rd International Conference on Learning Representations, ICLR’2015, San Diego, CA, May 2015.
  2. One pixel attack for fooling deep neural networks. IEEE Transactions on Evolutionary Computation, 23(5):828–841, 2019.
  3. Adversarial machine learning for spam filters. In Proceedings of the 15th International Conference on Availability, Reliability and Security, ARES’2020, pages 38:1–38:6, Online, Aug 2020.
  4. Adversarial examples for malware detection. In Proceedings of the 22nd European Symposium on Research in Computer Security, ESORICS’2017, pages 62–79, Oslo, Norway, Sep 2017.
  5. Universal adversarial triggers for attacking and analyzing NLP. In Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing, EMNLP-IJCNLP’2019, pages 2153–2162, Hong Kong, China, Nov 2019.
  6. Adversarial attacks on deep-learning models in natural language processing: A survey. ACM Transactions on Intelligent Systems and Technology, 11(3):24:1–24:41, 2020.
  7. Hotflip: White-box adversarial examples for text classification. In Proceedings of the 56th Annual Meeting of the Association for Computational Linguistics, ACL’2018, pages 31–36, Melbourne, Australia, Jul 2018.
  8. Generating natural language adversarial examples. In Proceedings of the 2018 Conference on Empirical Methods in Natural Language Processing, EMNLP’2018, pages 2890–2896, Brussels, Belgium, Oct 2018.
  9. Generating natural language attacks in a hard label black box setting. In Proceedings of the 35th AAAI Conference on Artificial Intelligence, AAAI’2021, pages 13525–13533, Virtual Event, Feb 2021.
  10. Combating adversarial misspellings with robust word recognition. In Proceedings of the 57th Conference of the Association for Computational Linguistics, ACL’2019, pages 5582–5591, Florence, Italy, Jul 2019.
  11. Generating natural language adversarial examples through probability weighted word saliency. In Proceedings of the 57th Conference of the Association for Computational Linguistics, ACL’2019, pages 1085–1097, Florence, Italy, Jul 2019.
  12. Word-level textual adversarial attacking as combinatorial optimization. In Proceedings of the 58th Annual Meeting of the Association for Computational Linguistics, ACL’2020, pages 6066–6080, Online, Jul 2020.
  13. Is BERT really robust? A strong baseline for natural language attack on text classification and entailment. In Proceedings of the 34th AAAI Conference on Artificial Intelligence, AAAI’2020, pages 8018–8025, New York, NY, Feb 2020.
  14. Efficient combinatorial optimization for word-level adversarial textual attack. 30:98–111, 2022a.
  15. Attention-based genetic algorithm for adversarial attack in natural language processing. In Proceedings of the 17th International Conference on Parallel Problem Solving from Nature, PPSN’2022, pages 341–355, Dortmund, Germany, Sep 2022.
  16. Bo Pang and Lillian Lee. Seeing stars: Exploiting class relationships for sentiment categorization with respect to rating scales. In Proceedings of the 43rd Annual Meeting of the Association for Computational Linguistics, ACL’2005, pages 115–124, Ann Arbor, MI, Jun 2005.
  17. Saliency attack: Towards imperceptible black-box adversarial attack. ACM Transactions on Intelligent Systems and Technology, 14(3):45:1–45:20, 2023.
  18. Adversarial examples versus cloud-based detectors: A black-box empirical study. CoRR, abs/1901.01223, 2019.
  19. Multiobjectivization of single-objective optimization in evolutionary computation: A survey. IEEE Transactions on Cybernetics, 53(6):3702–3715, 2023.
  20. Crafting adversarial input sequences for recurrent neural networks. In Proceedings of 35th IEEE Military Communications Conference, MILCOM’2016, pages 49–54, Baltimore, MD, Nov 2016.
  21. Interpretable adversarial perturbation in input embedding space for text. In Proceedings of the 27th International Joint Conference on Artificial Intelligence, IJCAI’2018, pages 4323–4330, Stockholm, Sweden, Jul 2018.
  22. Deep text classification can be fooled. In Proceedings of the 27th International Joint Conference on Artificial Intelligence, IJCAI’2018, pages 4208–4215, Stockholm, Sweden, Jul 2018.
  23. Adversarial black-box attacks on text classifiers using multi-objective genetic optimization guided by deep networks. CoRR, abs/2011.03901, 2020.
  24. Generating natural adversarial examples. In Proceedings of the 6th International Conference on Learning Representations, ICLR’2018, Vancouver, Canada, Apr 2018.
  25. Semantically equivalent adversarial rules for debugging NLP models. In Proceedings of the 56th Annual Meeting of the Association for Computational Linguistics, ACL’2018, pages 856–865, Melbourne, Australia, Jul 2018.
  26. Qos-aware long-term based service composition in cloud computing. In Proceedings of the 2015 IEEE Congress on Evolutionary Computation, CEC’2015, pages 3362–3369, Sendai, Japan, May 2015.
  27. Genetic improvement of routing protocols for delay tolerant networks. ACM Transactions on Evolutionary Learning and Optimization, 1(1):4:1–4:37, 2021.
  28. Generative adversarial construction of parallel portfolios. IEEE Transactions on Cybernetics, 52(2):784–795, 2022b.
  29. A novel approach to designing surrogate-assisted genetic algorithms by combining efficient learning of walsh coefficients and dependencies. ACM Transactions on Evolutionary Learning and Optimization, 1(2):5:1–5:23, 2021.
  30. Few-shots parallel algorithm portfolio construction via co-evolution. IEEE Transactions on Evolutionary Computation, 25(3):595–607, 2021.
  31. A population cooperation based particle swarm optimization algorithm for large-scale multi-objective optimization. Swarm and Evolutionary Computation, 83:101377, 2023.
  32. Memetic search for vehicle routing with simultaneous pickup-delivery and time windows. Swarm and Evolutionary Computation, 66:100927, 2021.
  33. Kenneth A. De Jong. Evolutionary computation - A Unified Approach. MIT Press, 2006.
  34. Performance assessment of multiobjective optimizers: an analysis and review. IEEE Transactions on Evolutionary Computation, 7(2):117–132, 2003.
  35. A tutorial on the performance assessment of stochastic multiobjective optimizers. TIK-report, 214, 2006.
  36. A two-population algorithm for large-scale multi-objective optimization based on fitness-aware operator and adaptive environmental selection. IEEE Transactions on Evolutionary Computation, pages 1–1, 2023. doi: 10.1109/TEVC.2023.3296488.
  37. Reducing idleness in financial cloud via multi-objective evolutionary reinforcement learning based load balancer. arXiv preprint arXiv:2305.03463, 2023.
  38. Adversarial example generation using evolutionary multi-objective optimization. In Proceedings of the 2019 IEEE Congress on Evolutionary Computation, CEC’2019, pages 2136–2144, Wellington,New Zealand, Jun 2019.
  39. A multi-objective examples generation approach to fool the deep neural networks in the black-box scenario. In Proceedings of the 4th IEEE International Conference on Data Science in Cyberspace, DSC’2019, pages 92–99, Hangzhou, China, Jun 2019.
  40. Adversarial black-box attacks on automatic speech recognition systems using multi-objective evolutionary optimization. In Gernot Kubin and Zdravko Kacic, editors, Proceedings of the 20th Annual Conference of the International Speech Communication Association, Interspeech’2019, pages 3208–3212, Graz, Austria, Sep 2019.
  41. Effective universal unrestricted adversarial attacks using a MOE approach. In Proceedings of the 24th International Conference on Applications of Evolutionary Computation, EvoApplications’2021, pages 552–567, Virtual Event, Apr 2021.
  42. Lie to me: Shield your emotions from prying software. Sensors, 22(3):967, 2022.
  43. Reducing local optima in single-objective problems by multi-objectivization. In Proceedings of the 1st International Conference on Evolutionary Multi-Criterion Optimization, EMO’2001, pages 269–283, Zurich, Switzerland, Mar 2001.
  44. Multiobjectivization via helper-objectives with the tunable objectives problem. IEEE Transactions on Evolutionary Computation, 16(3):373–390, 2011.
  45. Multiobjectivisation of the antenna positioning problem. In Proceedings of the 2011 International Symposium on Distributed Computing and Artificial Intelligence, DCAI’2011, pages 319–327, Salamanca, Spain, Apr 2011.
  46. Learning word vectors for sentiment analysis. In Proceedings of the 49th Annual Meeting of the Association for Computational Linguistics: Human Language Technologies, ACL-HLT’2011, pages 142–150, Portland, OR, Jun 2011.
  47. Less is more: Understanding word-level textual adversarial attack via n-gram frequency descend. arXiv preprint arXiv:2302.02568.
  48. Kaisa Miettinen. Nonlinear Multiobjective Optimization. Kluwer Academic Publishers, 1999.
  49. Kalyanmoy Deb. Multi-objective Optimization Using Evolutionary Algorithms. Wiley, 2001.
  50. Performance analysis of evolutionary algorithms for the minimum label spanning tree problem. IEEE Transactions on Evolutionary Computation, 18(6):860–872, 2014.
  51. Chao Qian. Distributed pareto optimization for large-scale noisy subset selection. IEEE Transactions on Evolutionary Computation, 24(4):694–707, 2020.
  52. A fast and elitist multiobjective genetic algorithm: NSGA-II. IEEE Transactions on Evolutionary Computation, 6(2):182–197, 2002.
  53. MOEA/D: A multiobjective evolutionary algorithm based on decomposition. IEEE Transactions on Evolutionary Computation, 11(6):712–731, 2007.
  54. Universal sentence encoder. CoRR, abs/1803.11175, 2018.
  55. Character-level convolutional networks for text classification. In Proceedings of the 28th Annual Conference on Neural Information Processing Systems, NeurIPS’2015, pages 649–657, Quebec, Canada, Dec 2015.
  56. A large annotated corpus for learning natural language inference. In Proceedings of the 2015 Conference on Empirical Methods in Natural Language Processing, EMNLP’2015, pages 632–642, Lisbon, Portugal, Sep 2015.
  57. A broad-coverage challenge corpus for sentence understanding through inference. In Proceedings of the 2018 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, NAACL-HLT’2018, pages 1112–1122, New Orleans, LI, Jun 2018. Association for Computational Linguistics.
  58. Yoon Kim. Convolutional neural networks for sentence classification. In Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing, EMNLP’2014, pages 1746–1751, Doha, Qatar, Oct 2014.
  59. Long short-term memory. Neural computation, 9(8):1735–1780, 1997.
  60. Bert: Pre-training of deep bidirectional transformers for language understanding. In Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, NAACL-HLT’2019, pages 4171–4186, Minneapolis, MN, Jun 2019.
  61. Enhanced LSTM for natural language inference. In Proceedings of the 55th Annual Meeting of the Association for Computational Linguistics, ACL’2017, pages 1657–1668, Vancouver, Canada, Jul 2017.
  62. Supervised learning of universal sentence representations from natural language inference data. In Proceedings of the 2017 Conference on Empirical Methods in Natural Language Processing, EMNLP’2017, pages 670–680, Copenhagen, Denmark, Sep 2017.
  63. On performance estimation in automatic algorithm configuration. In Proceedings of the 34th AAAI Conference on Artificial Intelligence, AAAI’ 2020, pages 2384–2391, New York, NY, Feb 2020.
  64. Language models are unsupervised multitask learners. OpenAI blog, 1(8):9, 2019.
  65. How good is neural combinatorial optimization? A systematic evaluation on the traveling salesman problem. IEEE Computational Intelligence Magazine, 18(3):14–28, 2023a.
  66. Automatic construction of parallel portfolios via explicit instance grouping. In Proceedings of the 33rd AAAI Conference on Artificial Intelligence, AAAI’ 2019, pages 1560–1567, Honolulu, HI, Jan 2019.
  67. Reliable robustness evaluation via automatically constructed attack ensembles. In Brian Williams, Yiling Chen, and Jennifer Neville, editors, Proceedings of the 37th AAAI Conference on Artificial Intelligence, AAAI’2023, pages 8852–8860, Washington, DC, Feb 2023b.
User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (5)
  1. Shengcai Liu (40 papers)
  2. Ning Lu (88 papers)
  3. Wenjing Hong (7 papers)
  4. Chao Qian (90 papers)
  5. Ke Tang (107 papers)
Citations (10)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now