MALCOM: Generating Malicious Comments to Attack Neural Fake News Detection Models
This work addresses a security vulnerability in fake news detection systems, which is crucial for maintaining trust in news ecosystems, but it is incremental as it builds on existing adversarial attack methods.
The paper tackles the problem of attacking neural fake news detection models by proposing MALCOM, a framework that generates malicious comments to mislead detectors, achieving success rates of about 94% and 93.5% in fooling models to output targeted labels.
In recent years, the proliferation of so-called "fake news" has caused much disruptions in society and weakened the news ecosystem. Therefore, to mitigate such problems, researchers have developed state-of-the-art models to auto-detect fake news on social media using sophisticated data science and machine learning techniques. In this work, then, we ask "what if adversaries attempt to attack such detection models?" and investigate related issues by (i) proposing a novel threat model against fake news detectors, in which adversaries can post malicious comments toward news articles to mislead fake news detectors, and (ii) developing MALCOM, an end-to-end adversarial comment generation framework to achieve such an attack. Through a comprehensive evaluation, we demonstrate that about 94% and 93.5% of the time on average MALCOM can successfully mislead five of the latest neural detection models to always output targeted real and fake news labels. Furthermore, MALCOM can also fool black box fake news detectors to always output real news labels 90% of the time on average. We also compare our attack model with four baselines across two real-world datasets, not only on attack performance but also on generated quality, coherency, transferability, and robustness.