Towards Crafting Text Adversarial Samples
This work addresses the challenge of adversarial attacks in text classification, which is crucial for improving the robustness of NLP systems, though it is incremental as it adapts image-based adversarial techniques to text.
The paper tackles the problem of generating adversarial text samples that can fool classifiers while remaining linguistically plausible, by modifying original texts through deletion, replacement, or insertion of words. Experimental results on IMDB and Twitter datasets demonstrate the method's efficiency in sentiment analysis and gender detection tasks.
Adversarial samples are strategically modified samples, which are crafted with the purpose of fooling a classifier at hand. An attacker introduces specially crafted adversarial samples to a deployed classifier, which are being mis-classified by the classifier. However, the samples are perceived to be drawn from entirely different classes and thus it becomes hard to detect the adversarial samples. Most of the prior works have been focused on synthesizing adversarial samples in the image domain. In this paper, we propose a new method of crafting adversarial text samples by modification of the original samples. Modifications of the original text samples are done by deleting or replacing the important or salient words in the text or by introducing new words in the text sample. Our algorithm works best for the datasets which have sub-categories within each of the classes of examples. While crafting adversarial samples, one of the key constraint is to generate meaningful sentences which can at pass off as legitimate from language (English) viewpoint. Experimental results on IMDB movie review dataset for sentiment analysis and Twitter dataset for gender detection show the efficiency of our proposed method.