Grey-box Adversarial Attack And Defence For Sentiment Classification
This work provides a faster and more robust adversarial attack and defence method for sentiment classification, which is incremental as it builds on existing techniques.
The paper tackles the problem of generating adversarial examples for sentiment classification by introducing a grey-box framework that addresses differentiability, label preservation, and input reconstruction, resulting in adversarial examples generated one order of magnitude faster than state-of-the-art methods while preserving sentiment according to human evaluation.
We introduce a grey-box adversarial attack and defence framework for sentiment classification. We address the issues of differentiability, label preservation and input reconstruction for adversarial attack and defence in one unified framework. Our results show that once trained, the attacking model is capable of generating high-quality adversarial examples substantially faster (one order of magnitude less in time) than state-of-the-art attacking methods. These examples also preserve the original sentiment according to human evaluation. Additionally, our framework produces an improved classifier that is robust in defending against multiple adversarial attacking methods. Code is available at: https://github.com/ibm-aur-nlp/adv-def-text-dist.