AI, CL, LG | Apr 10, 2022

"That Is a Suspicious Reaction!": Interpreting Logits Variation to Detect NLP Adversarial Attacks

ETH Zurich
arXiv:2204.04636v2647 citations, h-index: 38
Originality: Highly original
AI Analysis

The work addresses the critical need for reliable defenses against adversarial attacks in NLP, an area less explored than computer vision, enabling safer deployment of models in safety-critical applications.

The paper tackles the problem of detecting adversarial attacks in natural language processing by developing a model-agnostic detector that analyzes logits variation when perturbing text inputs, achieving state-of-the-art performance with strong generalization across models, datasets, and attacks.

Adversarial attacks are a major challenge faced by current machine learning research. These purposely crafted inputs fool even the most advanced models, precluding their deployment in safety-critical applications. Extensive research in computer vision has been carried out to develop reliable defense strategies. However, the same issue remains less explored in natural language processing. Our work presents a model-agnostic detector of adversarial text examples. The approach identifies patterns in the logits of the target classifier when perturbing the input text. The proposed detector improves the current state-of-the-art performance in recognizing adversarial inputs and exhibits strong generalization capabilities across different NLP models, datasets, and word-level attacks.
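An added sketch of the idea in the abstract (not the paper's code or its released repo): mask each word in turn, record how the target classifier's logit margin for the originally predicted class reacts, and inspect the sorted reactions. The toy bag-of-words classifier, its weights, the `[UNK]` mask token, the sample sentences and the single threshold standing in for a trained detector are all assumptions.

```python
# Added illustration: toy classifier and constructed inputs, not the paper's code.
# Hypothetical 2-class model: per-word contribution to (negative, positive) logits.
WEIGHTS = {
    "great": (-1.0, 2.0), "wonderful": (-1.0, 2.0),
    "boring": (2.0, -1.0), "dull": (2.0, -1.0), "awful": (2.5, -1.5),
    "tolerable": (-2.0, 5.0),  # constructed outlier a word substitution could land on
}

def toy_logits(tokens):
    """Stand-in for the target classifier; unknown words contribute nothing."""
    neg = sum(WEIGHTS.get(t, (0.0, 0.0))[0] for t in tokens)
    pos = sum(WEIGHTS.get(t, (0.0, 0.0))[1] for t in tokens)
    return [neg, pos]

def margin(logits, label):
    """Logit of `label` minus the largest logit among the other classes."""
    return logits[label] - max(v for i, v in enumerate(logits) if i != label)

def logit_reactions(tokens, logits_fn, mask="[UNK]"):
    """Mask one word at a time and record the margin of the original prediction.

    Model-agnostic: only `logits_fn` is queried. Returns (predicted class,
    reactions sorted ascending); a negative value means masking that single
    word flips the prediction.
    """
    base = logits_fn(tokens)
    pred = max(range(len(base)), key=base.__getitem__)
    reactions = [
        margin(logits_fn(tokens[:i] + [mask] + tokens[i + 1:]), pred)
        for i in range(len(tokens))
    ]
    return pred, sorted(reactions)

def is_suspicious(tokens, logits_fn, threshold=0.0):
    """Simplified detector (assumption): flag when the strongest reaction drops
    below `threshold`. A trained detector over the sorted reactions would
    replace this fixed rule."""
    _, reactions = logit_reactions(tokens, logits_fn)
    return reactions[0] < threshold

# Constructed samples: a clean negative review and a one-word substitution of it.
CLEAN = "the film was boring dull and awful".split()
ADVERSARIAL = "the film was boring dull and tolerable".split()

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("adversarial", ADVERSARIAL)):
        pred, reactions = logit_reactions(sample, toy_logits)
        print(name, pred, reactions, is_suspicious(sample, toy_logits))
```

In the clean sentence the evidence is spread over several words, so no single mask flips the prediction; in the substituted sentence one word carries the whole decision and its reaction goes sharply negative.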

Code Implementations: 1 repo