CL | Oct 3, 2020

A Geometry-Inspired Attack for Generating Natural Language Adversarial Examples

arXiv:2010.01345v1998 citations
Originality: Incremental advance
AI Analysis

This paper addresses adversarial robustness in natural language processing, an AI security problem, and represents an incremental improvement in attack methods.

The paper tackles the challenge of generating adversarial examples for natural language by proposing a geometry-inspired attack that iteratively approximates decision boundaries, achieving high success rates in fooling models with minimal word replacements while being hard for humans to detect.

Generating adversarial examples for natural language is hard, as natural language consists of discrete symbols, and examples are often of variable lengths. In this paper, we propose a geometry-inspired attack for generating natural language adversarial examples. Our attack generates adversarial examples by iteratively approximating the decision boundary of Deep Neural Networks (DNNs). Experiments on two datasets with two different models show that our attack fools natural language models with high success rates, while only replacing a few words. Human evaluation shows that adversarial examples generated by our attack are hard for humans to recognize. Further experiments show that adversarial training can improve model robustness against our attack.
