Ranking-Incentivized Quality Preserving Content Modification

Goren, Gregory; Kurland, Oren; Tennenholtz, Moshe; Raiber, Fiana

doi:10.1145/3397271.3401058

Cited by 8 publications

(2 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We randomly choose a starting position in 𝑑 and replace the following successive 𝑛 words with 𝑛 words extracted from a sentence pool 𝑆 𝑝𝑜𝑜𝑙 . Following [16] where authors tend to mimic content in documents that were highly ranked in the past for a query of interest, we construct 𝑆 𝑝𝑜𝑜𝑙 by collecting sentences in documents that are ranked higher than 𝑑.…”

Section: Traditional Term Spamming Methodsmentioning

confidence: 99%

“…Besides, Raval and Verma [47] explored to lower the rank of a document by token changes. Recently, Goren et al [16] proposed to promote the rank of the document by replacing a passage in the document with some other passage. However, their evaluation for content-quality maintenance relies on the human judges, and their study is conducted on feature-based learning to rank models.…”

Section: Adversarial Attacksmentioning

confidence: 99%

See 1 more Smart Citation

PRADA: Practical Black-Box Adversarial Attacks against Neural Ranking Models

Chen¹,

Zhang²,

Guo³

et al. 2022

Preprint

View full text Add to dashboard Cite

Neural ranking models (NRMs) have shown remarkable success in recent years, especially with pre-trained language models. However, deep neural models are notorious for their vulnerability to adversarial examples. Adversarial attacks may become a new type of web spamming technique given our increased reliance on neural information retrieval models. Therefore, it is important to study potential adversarial attacks to identify vulnerabilities of NRMs before they are deployed.In this paper, we introduce the Adversarial Document Ranking Attack (ADRA) task against NRMs, which aims to promote a target document in rankings by adding adversarial perturbations to its text. We focus on the decision-based black-box attack setting, where the attackers have no access to the model parameters and gradients, but can only acquire the rank positions of the partial retrieved list by querying the target model. This attack setting is realistic in real-world search engines. We propose a novel Pseudo Relevancebased ADversarial ranking Attack method (PRADA) that learns a surrogate model based on Pseudo Relevance Feedback (PRF) to generate gradients for finding the adversarial perturbations.Experiments on two web search benchmark datasets show that PRADA can outperform existing attack strategies and successfully fool the NRM with small indiscernible perturbations of text. CCS CONCEPTS• Information systems → Retrieval models and ranking; Adversarial retrieval.

show abstract

Section: Traditional Term Spamming Methodsmentioning

confidence: 99%

Section: Adversarial Attacksmentioning

confidence: 99%