Certified Robustness Against Natural Language Attacks by Causal Intervention
This addresses the problem of adversarial attacks in natural language processing for AI systems, offering a novel causal approach with strong empirical gains.
The paper tackles the vulnerability of deep learning models to adversarial examples in natural language by proposing Causal Intervention by Semantic Smoothing (CISS), a framework that learns causal effects for robust predictions. It achieves 6.7% higher certified robustness against word substitutions on YELP compared to the runner-up and 79.4% empirical robustness against syntactic attacks.
Deep learning models have achieved great success in many fields, yet they are vulnerable to adversarial examples. This paper follows a causal perspective to look into the adversarial vulnerability and proposes Causal Intervention by Semantic Smoothing (CISS), a novel framework towards robustness against natural language attacks. Instead of merely fitting observational data, CISS learns causal effects p(y|do(x)) by smoothing in the latent semantic space to make robust predictions, which scales to deep architectures and avoids tedious construction of noise customized for specific attacks. CISS is provably robust against word substitution attacks, as well as empirically robust even when perturbations are strengthened by unknown attack algorithms. For example, on YELP, CISS surpasses the runner-up by 6.7% in terms of certified robustness against word substitutions, and achieves 79.4% empirical robustness when syntactic attacks are integrated.