Detection of Word Adversarial Examples in Text Classification: Benchmark and Baseline via Robust Density Estimation
This work addresses the need for reliable detection of adversarial examples in automated NLP tasks like sentiment analysis, though it is incremental as it builds on existing defense efforts.
The paper tackles the problem of detecting word-level adversarial examples in text classification by releasing a benchmark dataset and proposing a robust density estimation baseline that achieves the highest AUC on 29 out of 30 dataset-attack-model combinations.
Word-level adversarial attacks have shown success against NLP models, drastically decreasing the performance of transformer-based models in recent years. As a countermeasure, adversarial defense has been explored, but relatively few efforts have been made to detect adversarial examples. However, detecting adversarial examples may be crucial for automated tasks (e.g. review sentiment analysis) that wish to amass information about a certain population, and it may additionally be a step towards a robust defense system. To this end, we release a dataset for four popular attack methods on four datasets and four models to encourage further research in this field. Along with it, we propose a competitive baseline based on density estimation that has the highest AUC on 29 out of 30 dataset-attack-model combinations. Source code is available at https://github.com/anoymous92874838/text-adv-detection.
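
The following is an added illustration of density-based detection scored by AUC, not code from the paper or its repository. It assumes a diagonal Gaussian fitted with median and MAD as a stand-in robust estimator (the page does not specify the paper's estimator) and uses constructed feature vectors in place of real model representations; all function names are hypothetical.

```python
import math
import random
import statistics

def robust_fit(X):
    """Per-dimension median and MAD scale: a robust diagonal-Gaussian fit (assumed estimator)."""
    cols = list(zip(*X))
    center = [statistics.median(c) for c in cols]
    # 1.4826 * MAD estimates the standard deviation for Gaussian data.
    scale = [max(1.4826 * statistics.median(abs(v - m) for v in c), 1e-9)
             for c, m in zip(cols, center)]
    return center, scale

def anomaly_score(x, center, scale):
    """Negative log-density up to a constant; higher means less like clean data."""
    return sum(0.5 * ((v - m) / s) ** 2 + math.log(s)
               for v, m, s in zip(x, center, scale))

def auc(clean_scores, adv_scores):
    """Probability that an adversarial input outscores a clean one (ties count half)."""
    wins = sum((a > c) + 0.5 * (a == c) for a in adv_scores for c in clean_scores)
    return wins / (len(adv_scores) * len(clean_scores))

def sample(rng, n, shift, dim=8):
    """Constructed feature vectors: unit-variance Gaussian around `shift`."""
    return [[rng.gauss(shift, 1.0) for _ in range(dim)] for _ in range(n)]

def run_demo(seed=0):
    rng = random.Random(seed)
    # Constructed data: clean features near 0, adversarial features shifted by 2.
    # The fit set carries 10% adversarial points, the kind of contamination
    # a robust estimator is meant to tolerate.
    fit_set = sample(rng, 270, 0.0) + sample(rng, 30, 2.0)
    center, scale = robust_fit(fit_set)
    clean = [anomaly_score(x, center, scale) for x in sample(rng, 200, 0.0)]
    adv = [anomaly_score(x, center, scale) for x in sample(rng, 200, 2.0)]
    return auc(clean, adv), center

if __name__ == "__main__":
    score, _ = run_demo()
    print(f"detection AUC: {score:.3f}")
```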