PromptAttack: Probing Dialogue State Trackers with Adversarial Prompts
This work addresses the need for more robust conversational systems by probing DSTs with adversarial prompts, which is an incremental improvement in adversarial testing methods.
The paper tackles the problem of robustness in Dialogue State Trackers (DSTs) by introducing a prompt-based learning approach to generate adversarial examples, resulting in the greatest reduction in accuracy and best attack success rate against state-of-the-art DSTs while maintaining fluency and low perturbation.
A key component of modern conversational systems is the Dialogue State Tracker (or DST), which models a user's goals and needs. Toward building more robust and reliable DSTs, we introduce a prompt-based learning approach to automatically generate effective adversarial examples to probe DST models. Two key characteristics of this approach are: (i) it only needs the output of the DST with no need for model parameters, and (ii) it can learn to generate natural language utterances that can target any DST. Through experiments over state-of-the-art DSTs, the proposed framework leads to the greatest reduction in accuracy and the best attack success rate while maintaining good fluency and a low perturbation ratio. We also show how much the generated adversarial examples can bolster a DST through adversarial training. These results indicate the strength of prompt-based attacks on DSTs and leave open avenues for continued refinement.