Universal Evasion Attacks on Summarization Scoring
This work exposes critical robustness flaws in summary scoring systems, which are incremental but important for guiding summarizer development.
The study demonstrated that automatic summary scoring systems are vulnerable to evasion attacks, where non-summary strings achieve competitive or superior scores on metrics like ROUGE, METEOR, and BERTScore, with attacks outperforming state-of-the-art summarization methods on ROUGE-1 and ROUGE-L.
The automatic scoring of summaries is important as it guides the development of summarizers. Scoring is also complex, as it involves multiple aspects such as fluency, grammar, and even textual entailment with the source text. However, summary scoring has not been considered a machine learning task to study its accuracy and robustness. In this study, we place automatic scoring in the context of regression machine learning tasks and perform evasion attacks to explore its robustness. Attack systems predict a non-summary string from each input, and these non-summary strings achieve competitive scores with good summarizers on the most popular metrics: ROUGE, METEOR, and BERTScore. Attack systems also "outperform" state-of-the-art summarization methods on ROUGE-1 and ROUGE-L, and score the second-highest on METEOR. Furthermore, a BERTScore backdoor is observed: a simple trigger can score higher than any automatic summarization method. The evasion attacks in this work indicate the low robustness of current scoring systems at the system level. We hope that our highlighting of these proposed attacks will facilitate the development of summary scores.