EFSG: Evolutionary Fooling Sentences Generator
This work addresses robustness issues in state-of-the-art language models for NLP researchers and practitioners, though it is incremental as it builds on existing adversarial attack methods.
The authors tackled the problem of adversarial attacks on large pre-trained language models by designing EFSG, an evolutionary algorithm to generate false-positive sentences for binary classification tasks, successfully applying it to CoLA and MRPC tasks on BERT and RoBERTa to reveal weak spots, and testing adversarial training as a defense that improved models without accuracy loss.
Large pre-trained language representation models (LMs) have recently collected a huge number of successes in many NLP tasks. In 2018 BERT, and later its successors (e.g. RoBERTa), obtained state-of-the-art results in classical benchmark tasks, such as GLUE benchmark. After that, works about adversarial attacks have been published to test their generalization proprieties and robustness. In this work, we design Evolutionary Fooling Sentences Generator (EFSG), a model- and task-agnostic adversarial attack algorithm built using an evolutionary approach to generate false-positive sentences for binary classification tasks. We successfully apply EFSG to CoLA and MRPC tasks, on BERT and RoBERTa, comparing performances. Results prove the presence of weak spots in state-of-the-art LMs. We finally test adversarial training as a data augmentation defence approach against EFSG, obtaining stronger improved models with no loss of accuracy when tested on the original datasets.