Fraud's Bargain Attacks to Textual Classifiers via Metropolis-Hasting Sampling

Ni, M; Sun, Z; Liu, W

Fraud's Bargain Attacks to Textual Classifiers via Metropolis-Hasting Sampling

Ni, M Sun, Z Liu, W

Permalink

Publication Type:: Conference Proceeding
Citation:: Proceedings of the 37th AAAI Conference on Artificial Intelligence, AAAI 2023, 2023, 37, pp. 16290-16291
Issue Date:: 2023-06-27

Open Access

Copyright Clearance Process

Recently Added
In Progress
Open Access

This item is open access.

Adobe PDF

Download Accepted versionAdobe PDF (129.81 kB)

View statistics

Full metadata record

Field	Value	Language
dc.contributor.author	Ni, M
dc.contributor.author	Sun, Z
dc.contributor.author	Liu, W https://orcid.org/0000-0002-3003-1313
dc.date.accessioned	2024-01-31T11:41:07Z
dc.date.available	2024-01-31T11:41:07Z
dc.date.issued	2023-06-27
dc.identifier.citation	Proceedings of the 37th AAAI Conference on Artificial Intelligence, AAAI 2023, 2023, 37, pp. 16290-16291
dc.identifier.isbn	9781577358800
dc.identifier.uri	http://hdl.handle.net/10453/175151
dc.description.abstract	Recent studies on adversarial examples expose vulnerabilities of natural language processing (NLP) models. Existing techniques for generating adversarial examples are typically driven by deterministic heuristic rules that are agnostic to the optimal adversarial examples, a strategy that often results in attack failures. To this end, this research proposes Fraud's Bargain Attack (FBA), which utilizes a novel randomization mechanism to enlarge the searching space and enables high-quality adversarial examples to be generated with high probabilities. FBA applies the Metropolis-Hasting algorithm to enhance the selection of adversarial examples from all candidates proposed by a customized Word Manipulation Process (WMP). WMP perturbs one word at a time via insertion, removal, or substitution in a contextual-aware manner. Extensive experiments demonstrate that FBA outperforms the baselines in terms of attack success rate and imperceptibility.
dc.language	en
dc.relation.ispartof	Proceedings of the 37th AAAI Conference on Artificial Intelligence, AAAI 2023
dc.rights	info:eu-repo/semantics/openAccess
dc.title	Fraud's Bargain Attacks to Textual Classifiers via Metropolis-Hasting Sampling
dc.type	Conference Proceeding
utslib.citation.volume	37
pubs.organisational-group	University of Technology Sydney
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	University of Technology Sydney/Strength - AAI - Advanced Analytics Institute Research Centre
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
utslib.copyright.status	open_access	*
dc.date.updated	2024-01-31T11:41:06Z
pubs.publication-status	Published
pubs.volume	37

Abstract:

Recent studies on adversarial examples expose vulnerabilities of natural language processing (NLP) models. Existing techniques for generating adversarial examples are typically driven by deterministic heuristic rules that are agnostic to the optimal adversarial examples, a strategy that often results in attack failures. To this end, this research proposes Fraud's Bargain Attack (FBA), which utilizes a novel randomization mechanism to enlarge the searching space and enables high-quality adversarial examples to be generated with high probabilities. FBA applies the Metropolis-Hasting algorithm to enhance the selection of adversarial examples from all candidates proposed by a customized Word Manipulation Process (WMP). WMP perturbs one word at a time via insertion, removal, or substitution in a contextual-aware manner. Extensive experiments demonstrate that FBA outperforms the baselines in terms of attack success rate and imperceptibility.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/175151