Multi-granularity Textual Adversarial Attack with Behavior Cloning (2021.emnlp-main)
Copied to clipboard
| Challenge: | Existing adversarial attack models are vulnerable to adversarials crafted by human-imperceptible perturbations. |
| Approach: | They propose a multi-granularity adversarial attack model that generates high-quality adversarials with fewer queries to victim models. |
| Outcome: | The proposed model generates high-quality adversarial samples with fewer queries to victim models compared to baseline models . the proposed model also reduces query times for black-box models that only output labels without confidence scores . |
Similar Papers
A Closer Look into the Robustness of Neural Dependency Parsers Using Better Adversarial Examples (2021.findings-acl)
Copied to clipboard
| Challenge: | Neural network-based models have been successful in a wide range of NLP tasks, but their performance is undermined by adversarial examples that would pose no confusion for humans. |
| Approach: | They propose a method to generate high-quality adversarial examples with a higher number of candidate generators and stricter filters and then verify their quality using automatic and human evaluations. |
| Outcome: | The proposed method improves the robustness of English parsing models by relying on adversarial training and model ensembling. |
Word-level Textual Adversarial Attacking as Combinatorial Optimization (2020.acl-main)
Copied to clipboard
| Challenge: | Existing word-level attack models are far from perfect because of unsuitable search space reduction methods and inefficient optimization algorithms. |
| Approach: | They propose a novel adversarial adversarialist model that incorporates word substitution and particle swarm optimization to solve two problems separately. |
| Outcome: | The proposed model achieves much higher success rates and crafts more high-quality adversarial examples as compared to baseline methods. |
Tougher Text, Smarter Models: Raising the Bar for Adversarial Defence Benchmarks (2025.coling-main)
Copied to clipboard
| Challenge: | Recent advances in natural language processing have highlighted the vulnerability of deep learning models to adversarial attacks. |
| Approach: | They propose a benchmark for textual adversarial defence that evaluates state-of-the-art defence mechanisms across diverse datasets, models, and tasks. |
| Outcome: | The proposed benchmark incorporates a wide range of datasets and evaluates state-of-the-art defence mechanisms. |
Adversarial Text Generation by Search and Learning (2023.findings-emnlp)
Copied to clipboard
Guoyi Li, Bingkang Shi, Zongzhen Liu, Dehan Kong, Yulei Wu, Xiaodan Zhang, Longtao Huang, Honglei Lyu
| Challenge: | Existing text generation methods only use heuristic replacement strategies or language models to generate replacement words at the word level. |
| Approach: | They propose a search and learning framework for Adversarial Text Generation by Search and Learning to evaluate the robustness of natural language processing models. |
| Outcome: | The proposed methods are significantly superior to the most advanced methods in terms of attack efficiency and adversarial text quality. |
Adversarial Attack and Defense of Structured Prediction Models (2020.emnlp-main)
Copied to clipboard
| Challenge: | Existing approaches to building effective adversarial attackers focus on classification problems. |
| Approach: | They propose a framework that learns to attack a structured prediction model with feedbacks from multiple reference models. |
| Outcome: | The proposed framework is able to attack state-of-the-art models and boost them with training . it is based on a sequence-to-sequence model with feedbacks from multiple reference models . |
Searching for an Effective Defender: Benchmarking Defense against Adversarial Word Substitution (2021.emnlp-main)
Copied to clipboard
Zongyi Li, Jianhan Xu, Jiehang Zeng, Linyang Li, Xiaoqing Zheng, Qi Zhang, Kai-Wei Chang, Cho-Jui Hsieh
| Challenge: | Existing methods to defend against adversarial word-substitution attacks have not been evaluated or compared in a systematic manner. |
| Approach: | They propose to compare different defense methods under representative adversarial attacks . they propose a method that improves the robustness of neural text classifiers against such attacks a . |
| Outcome: | The proposed method improves robustness of neural text classifiers against such attacks by a significant margin. |
Towards Improving Adversarial Training of NLP Models (2021.findings-emnlp)
Copied to clipboard
| Challenge: | Recent methods for generating NLP adversarial examples involve combinatorial search and expensive sentence encoders for constraining the generated instances. |
| Approach: | They propose to use vanilla adversarial training to train NLP models using a word substitution attack optimized for vanilla adversary training. |
| Outcome: | The proposed approach improves model performance and standard accuracy and can defend against other types of word substitution attacks. |
Enhancing Neural Models with Vulnerability via Adversarial Attack (2020.coling-main)
Copied to clipboard
| Challenge: | Existing work on adversarial attack to improve performance of NLSM tasks has not been done. |
| Approach: | They propose a general two-stage training framework to enhance neural models with Vulnerability via adversarial attack. |
| Outcome: | The proposed framework improves neural models with Vulnerability via adversarial attack on NLSM datasets. |
Adv-OLM: Generating Textual Adversaries via OLM (2021.eacl-main)
Copied to clipboard
| Challenge: | Recent studies have pointed out the vulnerability of deep learning models to adversarial attacks. |
| Approach: | They propose a black-box attack method that adapts the idea of Occlusion and Language Models to the current state of the art attack methods. |
| Outcome: | The proposed method outperforms existing methods on several text classification tasks. |
Multi-task Adversarial Attacks against Black-box Model with Few-shot Queries (2025.acl-long)
Copied to clipboard
| Challenge: | Existing adversarial text attacks rely on abundant access to shared internal features and numerous queries, limited to a single task type. |
| Approach: | They propose a black-box attack that exploits the transferability of adversarial texts . they use a deep-level substitute model trained in a plug-and-play manner for text classification . |
| Outcome: | The proposed attack can target multiple tasks with minimal perturbations . it can target commercial APIs, large language models, and image-generation models . |