Generalization to Mitigate Synonym Substitution Attacks

Alshemali, Basemah; Kalita, Jugal

doi:10.18653/v1/2020.deelio-1.3

Cited by 11 publications

(6 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…That is, in the long term, the data points from the MC will look similar to the data points from [60], [59]. This attack technique has been used in multiple studies addressing machine learning robustness to adversarial attacks, including [59], [99]- [101]. The au-thors perform Metropolis-Hastings sampling which is designed with the guidance of gradients.…”

Section: ) Metropolis-hastings Sampling For Adversarial Attacksmentioning

confidence: 99%

Robust Natural Language Processing: Recent Advances, Challenges, and Future Directions

et al. 2022

View full text Add to dashboard Cite

Recent natural language processing (NLP) techniques have accomplished high performance on benchmark data sets, primarily due to the significant improvement in the performance of deep learning. The advances in the research community have led to great enhancements in state-of-the-art production systems for NLP tasks, such as virtual assistants, speech recognition, and sentiment analysis. However, such NLP systems still often fail when tested with adversarial attacks. The initial lack of robustness exposed troubling gaps in current models' language understanding capabilities, creating problems when NLP systems are deployed in real life. In this paper, we present a structured overview of NLP robustness research by summarizing the literature in a systemic way across various dimensions. We then take a deepdive into the various dimensions of robustness, across techniques, metrics, embedding, and benchmarks. Finally, we argue that robustness should be multi-dimensional, provide insights into current research, identify gaps in the literature to suggest directions worth pursuing to address these gaps INDEX TERMS Natural Language Processing; Adversarial Attacks; Robustness.

show abstract

Section: ) Metropolis-hastings Sampling For Adversarial Attacksmentioning

confidence: 99%

Robust Natural Language Processing: Recent Advances, Challenges, and Future Directions

et al. 2022

View full text Add to dashboard Cite

show abstract

“…This attack technique has been used in multiple studies addressing machine learning robustness to adversarial attacks, including [59], [99]- [101]. The way such a technique is used in those studies is almost identical.…”

Section: Breaching Security By Improving Attacksmentioning

confidence: 99%

Robust Natural Language Processing: Recent Advances, Challenges, and Future Directions

Omar¹,

Choi²,

Nyang³

et al. 2022

Preprint

View full text Add to dashboard Cite

Recent natural language processing (NLP) techniques have accomplished high performance on benchmark datasets, primarily due to the significant improvement in the performance of deep learning. The advances in the research community have led to great enhancements in state-of-the-art production systems for NLP tasks, such as virtual assistants, speech recognition, and sentiment analysis. However, such NLP systems still often fail when tested with adversarial attacks. The initial lack of robustness exposed troubling gaps in current models' language understanding capabilities, creating problems when NLP systems are deployed in real life. In this paper, we present a structured overview of NLP robustness research by summarizing the literature in a systemic way across various dimensions. We then take a deep-dive into the various dimensions of robustness, across techniques, metrics, embeddings, and benchmarks. Finally, we argue that robustness should be multi-dimensional, provide insights into current research, identify gaps in the literature to suggest directions worth pursuing to address these gaps.

show abstract

“…The study of synonym substitution can be traced back to the 1970s (Waltz, 1978;Lehmann and Stachowitz, 1972). With the rise of machine learning, synonym substitution is widely used in NLP for data augment and adversarial attacks (Rizos et al, 2019;Wei and Zou, 2019;Ebrahimi et al, 2018;Alshemali and Kalita, 2020;Ren et al, 2019). Many adversarial attacks based on synonym substitution have successfully compromised the performance of existing models (Alzantot et al, 2018;Zhang et al, 2019a;Ren et al, 2019;.…”

Section: Synonym Substitution For Other Nlp Problemsmentioning

confidence: 99%

Towards Robustness of Text-to-SQL Models against Synonym Substitution

Gan¹,

Huang²,

Purver³

et al. 2021

Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Confer

View full text Add to dashboard Cite

Recently, there has been significant progress in studying neural networks to translate text descriptions into SQL queries. Despite achieving good performance on some public benchmarks, existing text-to-SQL models typically rely on the lexical matching between words in natural language (NL) questions and tokens in table schemas, which may render the models vulnerable to attacks that break the schema linking mechanism. In this work, we investigate the robustness of text-to-SQL models to synonym substitution. In particular, we introduce Spider-Syn, a human-curated dataset based on the Spider benchmark for text-to-SQL translation. NL questions in Spider-Syn are modified from Spider, by replacing their schema-related words with manually selected synonyms that reflect real-world question paraphrases. We observe that the accuracy dramatically drops by eliminating such explicit correspondence between NL questions and table schemas, even if the synonyms are not adversarially selected to conduct worst-case adversarial attacks 1 . Finally, we present two categories of approaches to improve the model robustness. The first category of approaches utilizes additional synonym annotations for table schemas by modifying the model input, while the second category is based on adversarial training. We demonstrate that both categories of approaches significantly outperform their counterparts without the defense, and the first category of approaches are more effective. 2

show abstract

Generalization to Mitigate Synonym Substitution Attacks

Cited by 11 publications

References 32 publications

Robust Natural Language Processing: Recent Advances, Challenges, and Future Directions

Robust Natural Language Processing: Recent Advances, Challenges, and Future Directions

Robust Natural Language Processing: Recent Advances, Challenges, and Future Directions

Towards Robustness of Text-to-SQL Models against Synonym Substitution

Contact Info

Product

Resources

About