CL | Oct 21, 2023

Toward Stronger Textual Attack Detectors

arXiv:2310.14001v1133 citations | h-index: 28 | Has Code
Originality: Incremental advance
AI Analysis

This addresses the need for robust defense mechanisms against malicious attacks in NLP systems, though it appears incremental as it builds on existing detection methods.

The paper tackles the problem of detecting textual adversarial attacks by introducing LAROUSSE, a new unsupervised framework, and STAKEOUT, a benchmark for evaluation, showing that LAROUSSE outperforms previous methods in experiments.

The landscape of available textual adversarial attacks keeps growing, posing severe threats and raising concerns regarding the deep NLP system's integrity. However, the crucial problem of defending against malicious attacks has only drawn the attention of the NLP community. The latter is nonetheless instrumental in developing robust and trustworthy systems. This paper makes two important contributions in this line of search: (i) we introduce LAROUSSE, a new framework to detect textual adversarial attacks and (ii) we introduce STAKEOUT, a new benchmark composed of nine popular attack methods, three datasets, and two pre-trained models. LAROUSSE is ready-to-use in production as it is unsupervised, hyperparameter-free, and non-differentiable, protecting it against gradient-based methods. Our new benchmark STAKEOUT allows for a robust evaluation framework: we conduct extensive numerical experiments which demonstrate that LAROUSSE outperforms previous methods, and which allow us to identify interesting factors of detection rate variations.

Code Implementations: 1 repo