Improving Question Answering Model Robustness with Synthetic Adversarial Data Generation
This work addresses the problem of adversarial robustness in question answering models for AI practitioners, offering a scalable alternative to expensive human data collection.
The paper tackled the vulnerability of question answering models to adversarial attacks by using synthetic adversarial data generation to improve robustness, resulting in a 3.7 F1 improvement on the AdversarialQA dataset and reducing human fooling rates from 17.6% to 8.8%.
Despite recent progress, state-of-the-art question answering models remain vulnerable to a variety of adversarial attacks. While dynamic adversarial data collection, in which a human annotator tries to write examples that fool a model-in-the-loop, can improve model robustness, this process is expensive which limits the scale of the collected data. In this work, we are the first to use synthetic adversarial data generation to make question answering models more robust to human adversaries. We develop a data generation pipeline that selects source passages, identifies candidate answers, generates questions, then finally filters or re-labels them to improve quality. Using this approach, we amplify a smaller human-written adversarial dataset to a much larger set of synthetic question-answer pairs. By incorporating our synthetic data, we improve the state-of-the-art on the AdversarialQA dataset by 3.7F1 and improve model generalisation on nine of the twelve MRQA datasets. We further conduct a novel human-in-the-loop evaluation to show that our models are considerably more robust to new human-written adversarial examples: crowdworkers can fool our model only 8.8% of the time on average, compared to 17.6% for a model trained without synthetic data.