Reading is not believing: A multimodal adversarial attacker for Chinese-NLP model. Issue 125 (February 2023)
- Record Type:
- Journal Article
- Title:
- Reading is not believing: A multimodal adversarial attacker for Chinese-NLP model. Issue 125 (February 2023)
- Main Title:
- Reading is not believing: A multimodal adversarial attacker for Chinese-NLP model
- Authors:
- Ge, Zhaocheng
Hu, Hanping
Zhao, Tengfei
Shi, Dingmeng
- Abstract:
- Highlights: A multimodal attacker is developed to deceive Chinese-NLP models. Effective components are integrated, including a CNN-based Siamese Network. It attacks seven models and outperforms four benchmarks in five metrics. Human evaluation, ablation, transferability, and robustness are further studied.
Abstract: The research of adversarial examples has extended from image to text in the last few years. However, these attacks are typically limited to the English language and simple substitution strategies. To further expose the vulnerability of NLP models, we study the linguistic characteristics of Chinese, the quintessential ideogram with over 1.2 billion native speakers. Accordingly, a novel attack framework named ZH-Deceiver is proposed to generate Chinese adversarial examples from the perspective of morphology, phonetics, semantics, and basic transformation. In particular, a CNN-based Siamese Network is integrated to ameliorate the quality of adversarial examples. To elaborate the validity of ZH-Deceiver, extensive experiments are conducted on two datasets. Compared with four benchmarks such as Genetic, PWWS, TextBugger, and SememePSO, our attack achieves impressive performance on effectiveness, efficiency, imperceptibility, and human evaluation by deceiving seven AI models including CNN and BERT. Furthermore, the transferability, as well as the robustness, is further analyzed and the former is successfully applied to attack three commercial APIs: Tencent, ALi, and Baidu. ZH-Deceiver acts as a wake-up call for multilingual processing models, and tangibly extends the application and methodology of adversarial textual attack.
- Is Part Of:
- Computers & security. Issue 125(2023)
- Journal:
- Computers & security
- Issue:
- Issue 125(2023)
- Issue Display:
- Volume 125, Issue 125 (2023)
- Year:
- 2023
- Volume:
- 125
- Issue:
- 125
- Issue Sort Value:
- 2023-0125-0125-0000
- Page Start:
- Page End:
- Publication Date:
- 2023-02
- Subjects:
- Vulnerability -- Adversarial example -- Multimodal attack -- Natural language processing -- Deep neural networks
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2022.103052
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 24838.xml