A survey in Adversarial Defences and Robustness in NLP

Goyal, Siddharth; Doddapaneni, Sumanth; Khapra, Mitesh M.; Ravindran, Balaraman

doi:10.48550/arxiv.2203.06414

Cited by 2 publications

(3 citation statements)

References 115 publications

(133 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Effect on robustness When evaluated on adversarial sentences, TextShield performs best in most cases, demonstrating that TextShield can effectively improve the model's robustness. Furthermore, the enhancement of model's robustness is derived from the leveraging a cross-cutting link between adversarial robustness and saliency, which is complementary to the conventional opinion Goyal et al, 2022) that text attacks should be better defended using discrete information instead of continuous information.…”

Section: Experimental Settingsmentioning

confidence: 99%

“…However, their performance is not comparable to state-of-the-art defense methods designed for a specific attack (e.g., word-level attacks). Meanwhile, the success of state-of-the-art defense against one kind of attacks (e.g., word-level) can not transfer to another kind of attacks (e.g., sentence-level) Goyal et al, 2022). Thus, how to tackle such a trade-off between generality and performance remains a valuable question.…”

Section: F Other Baselines For Corrector Designmentioning

confidence: 99%

See 1 more Smart Citation

TextShield: Beyond Successfully Detecting Adversarial Sentences in Text Classification

Shen¹,

Zhang²,

Jiang³

et al. 2023

Preprint

View full text Add to dashboard Cite

Adversarial attack serves as a major challenge for neural network models in NLP, which precludes the model's deployment in safety-critical applications. A recent line of work, detection-based defense, aims to distinguish adversarial sentences from benign ones. However, the core limitation of previous detection methods is being incapable of giving correct predictions on adversarial sentences unlike defense methods from other paradigms. To solve this issue, this paper proposes TextShield: (1) we discover a link between text attack and saliency information, and then we propose a saliency-based detector, which can effectively detect whether an input sentence is adversarial or not. (2) We design a saliencybased corrector, which converts the detected adversary sentences to benign ones. By combining the saliency-based detector and corrector, TextShield extends the detection-only paradigm to a detection-correction paradigm, thus filling the gap in the existing detection-based defense. Comprehensive experiments show that (a) TextShield consistently achieves higher or comparable performance than state-ofthe-art defense methods across various attacks on different benchmarks. (b) our saliency-based detector outperforms existing detectors for detecting adversarial sentences.

show abstract

Section: Experimental Settingsmentioning

confidence: 99%

Section: F Other Baselines For Corrector Designmentioning

confidence: 99%

TextShield: Beyond Successfully Detecting Adversarial Sentences in Text Classification

Shen¹,

Zhang²,

Jiang³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…The evaluation of explainability of DNN models is known to be a challenging task, necessitating such an effort. From another perspective, while there have been many surveys of literature on adversarial attacks and robustness [7,8,11,25,29,35,46,51,57,61,65,69,75,77,101,104,112,113,116,118,119,121,122,129,135] -which focus on attacking the predictive outcome of these models, there have been no effort so far to study and consolidate existing efforts on attacks on explainability of DNN models. Many recent efforts have demonstrated the vulnerability of explanations (or attributions 1 ) to human-imperceptible input perturbations across image, text and tabular data [36,45,55,62,107,108,133].…”

Section: Introductionmentioning

confidence: 99%

On the Robustness of Explanations of Deep Neural Network Models: A Survey

Jyoti¹,

Ganesh²,

Gayala³

et al. 2022

Preprint

View full text Add to dashboard Cite

Explainability has been widely stated as a cornerstone of the responsible and trustworthy use of machine learning models. With the ubiquitous use of Deep Neural Network (DNN) models expanding to risk-sensitive and safety-critical domains, many methods have been proposed to explain the decisions of these models. Recent years have also seen concerted efforts that have shown how such explanations can be distorted (attacked) by minor input perturbations. While there have been many surveys that review explainability methods themselves, there has been no effort hitherto to assimilate the different methods and metrics proposed to study the robustness of explanations of DNN models. In this work, we present a comprehensive survey of methods that study, understand, attack, and defend explanations of DNN models. We also present a detailed review of different metrics used to evaluate explanation methods, as well as describe attributional attack and defense methods. We conclude with lessons and take-aways for the community towards ensuring robust explanations of DNN model predictions.

show abstract

A survey in Adversarial Defences and Robustness in NLP

Cited by 2 publications

References 115 publications

TextShield: Beyond Successfully Detecting Adversarial Sentences in Text Classification

TextShield: Beyond Successfully Detecting Adversarial Sentences in Text Classification

On the Robustness of Explanations of Deep Neural Network Models: A Survey

Contact Info

Product

Resources

About