Chat as Expected: Learning to Manipulate Black-box Neural Dialogue Models
This work addresses security concerns for users of neural dialogue systems by revealing vulnerabilities to manipulation, though it is incremental in building on existing methods for model attacks.
The paper investigates whether input sentences can be crafted to manipulate black-box neural dialogue models into generating outputs containing target words or sentences, proposing a reinforcement learning model that successfully achieves this in a considerable portion of cases.
Recently, neural network based dialogue systems have become ubiquitous in our increasingly digitalized society. However, due to their inherent opaqueness, some recently raised concerns about using neural models are starting to be taken seriously. In fact, intentional or unintentional behaviors could lead to a dialogue system to generate inappropriate responses. Thus, in this paper, we investigate whether we can learn to craft input sentences that result in a black-box neural dialogue model being manipulated into having its outputs contain target words or match target sentences. We propose a reinforcement learning based model that can generate such desired inputs automatically. Extensive experiments on a popular well-trained state-of-the-art neural dialogue model show that our method can successfully seek out desired inputs that lead to the target outputs in a considerable portion of cases. Consequently, our work reveals the potential of neural dialogue models to be manipulated, which inspires and opens the door towards developing strategies to defend them.