| Challenge: | a new technique for layerwise UATs searches hidden layers of a network for universal adversarial triggers . a previous study showed that adversarials can fool models by perturbing samples that leave the ground truth label unchanged but can modify model prediction drastically. |
| Approach: | They propose a new approach to construct layerwise UATs by perturbing hidden layers of a network and propose LUATs that are more efficient than vanilla UAT methods. |
| Outcome: | The proposed method provides better transferability in a model-to-model setting with an average gain of 9.3% in fooling rate over baseline. |
Similar Papers
Universal Adversarial Triggers for Attacking and Analyzing NLP (D19-1)
Copied to clipboard
| Challenge: | Using adversarial triggers, a model can produce a specific prediction . adversarial attacks are useful for evaluation and interpretation . |
| Approach: | They propose a gradient-guided search over tokens that finds short adversarial triggers that successfully trigger the target prediction. |
| Outcome: | The proposed algorithm finds short trigger sequences that successfully trigger the target prediction. |
On the Universal Adversarial Perturbations for Efficient Data-free Adversarial Detection (2023.findings-acl)
Copied to clipboard
| Challenge: | Existing adversarial detection methods require access to training data, which brings noteworthy concerns regarding privacy leakage and generalizability. |
| Approach: | They propose a data-agnostic adversarial detection framework which induces different responses between normal and adversarials to UAPs. |
| Outcome: | The proposed framework achieves competitive detection performance on various text classification tasks, and maintains equivalent time consumption to normal inference. |
Universal Adversarial Attacks with Natural Triggers for Text Classification (2021.naacl-main)
Copied to clipboard
| Challenge: | Recent work has demonstrated the vulnerability of modern text classifiers to universal adversarial attacks, which are input-agnostic sequences of words added to text processed by classifier. |
| Approach: | They propose a gradient-based search that aims to maximize the downstream classifier’s prediction loss by using an adversarially regularized autoencoder to generate triggers and propose heuristics to spot such attacks. |
| Outcome: | The proposed algorithms reduce model accuracy while being less identifiable than prior models as per automatic detection metrics and human-subject studies. |
Model Extraction and Adversarial Transferability, Your BERT is Vulnerable! (2021.naacl-main)
Copied to clipboard
| Challenge: | Pretrained language models are used for natural language processing (NLP) but when they are deployed as a service, they can suffer from different attacks . |
| Approach: | They propose two defence strategies to protect the target model from adversarial attacks . they show that model extraction and adversarially transferable attacks can be effective . |
| Outcome: | The extracted model can lead to highly transferable adversarial attacks against the target model. |
LinkPrompt: Natural and Universal Adversarial Attacks on Prompt-based Language Models (2024.naacl-long)
Copied to clipboard
| Challenge: | Prompt-based learning is a new language model training paradigm that adapts Pre-trained Language Models (PLMs) to downstream tasks. |
| Approach: | They propose a prompt-based learning paradigm that adapts Pre-trained Language Models to downstream tasks . they use a gradient-based beam search algorithm to generate adversarial triggers . |
| Outcome: | The proposed model improves performance on various natural language processing tasks by optimizing the prompt template. |
Adversarial Attack and Defense of Structured Prediction Models (2020.emnlp-main)
Copied to clipboard
| Challenge: | Existing approaches to building effective adversarial attackers focus on classification problems. |
| Approach: | They propose a framework that learns to attack a structured prediction model with feedbacks from multiple reference models. |
| Outcome: | The proposed framework is able to attack state-of-the-art models and boost them with training . it is based on a sequence-to-sequence model with feedbacks from multiple reference models . |
UOR: Universal Backdoor Attacks on Pre-trained Language Models (2024.findings-acl)
Copied to clipboard
| Challenge: | Existing methods to attack pre-trained language models rely on manual selection of triggers and backdoor representations. |
| Approach: | They propose a backdoor attack method that turns manual selection into automatic optimization . they propose to use poisoned contrastive learning to learn more uniform backdoor representations . |
| Outcome: | The proposed method achieves better attack performance on text classification tasks compared to manual methods. |
CR-UTP: Certified Robustness against Universal Text Perturbations on Large Language Models (2024.findings-acl)
Copied to clipboard
| Challenge: | Existing certified robustness methods for certifying input-specific text perturbations have shown promise in certifyling UTPs, but masking only adversarial words can eliminate the attack. |
| Approach: | They propose a method to certify a language model’s robustness against UTPs by using random smoothing. |
| Outcome: | The proposed method achieves high certified accuracy under extensive masking and achieves state-of-the-art results in multiple settings. |
Robust Transfer Learning with Pretrained Language Models through Adapters (2021.acl-short)
Copied to clipboard
| Challenge: | Existing approaches to transfer learning with pretrained transformer-based language models are not robust and can be adversarial. |
| Approach: | They propose a simple yet effective adapter-based approach to fine-tune language models on downstream tasks. |
| Outcome: | The proposed approach improves stability and adversarial robustness in transfer learning to various downstream tasks. |
T3: Tree-Autoencoder Constrained Adversarial Text Generation for Targeted Attack (2020.emnlp-main)
Copied to clipboard
| Challenge: | Existing adversarial examples can induce arbitrary errors to the target models, but they can be exploited to estimate robustness of NLP models. |
| Approach: | They propose a target-controllable adversarial attack framework T3 to handle adversarials . they use tree-based decoders to regularize the syntactic correctness of generated text . |
| Outcome: | The proposed framework can be used to estimate the robustness of NLP models. |