Title: Improving greedy adversarial attacks on text classification

Authors: Khemis Salim; Amara Yacine; Benatia Mohamed Akrem

Addresses: Ecole Militaire Polytechnique, Bordj El Bahri, 16046, Algiers, Algeria; Ecole Militaire Polytechnique, Bordj El Bahri, 16046, Algiers, Algeria; Ecole Militaire Polytechnique, Bordj El Bahri, 16046, Algiers, Algeria

Abstract: Deep learning models have demonstrated remarkable success in various applications, yet their vulnerability to adversarial attacks remains a significant concern. These attacks can mislead models, imperceptibly to human eyes, creating a critical challenge in ensuring robustness. Despite recent advancements in adversarial attacks that contribute to enhancing model robustness, many existing techniques yield higher perturbation rates, lower textual similarity or lower success rates, with some, like population-based methods, incurring an increased query count. In response to that, this paper introduces two innovative methods: a k-means-based ranking approach and an iterative context-aware search algorithm complemented by a rollback method, to enhance the quality of generated adversarial samples. Our approaches showcase superiority over numerous state-of-the-art techniques by successfully compromising deep learning models with fewer modifications and achieving higher success rates, presenting a significant advancement in adversarial attack generation. This work contributes to the ongoing efforts to fortify deep learning models against adversarial attacks.

Keywords: text-based adversarial attacks; natural language processing; NLP; NLP adversarial samples; greedy-based adversarial attacks.

DOI: 10.1504/IJICS.2024.142697

International Journal of Information and Computer Security, 2024 Vol.25 No.1/2, pp.141 - 166

Received: 10 Jul 2023
Accepted: 20 Jan 2024

Published online: 18 Nov 2024
