TREATED:Towards Universal Defense against Textual Adversarial Attacks

Zhu, Bin; Gu, Zhaoquan; Wang, Le; Tian, Zhihong

doi:10.48550/arxiv.2109.06176

Cited by 2 publications

(3 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…FGWS [39]: Recognizing word substitutions via frequency disparities between original words and substitutes, the method substitutes infrequent terms with more prevalent synonyms, marking a sample as adversarial if prediction shifts surpass set limits. Furthermore, two restorations baselines were also considered: TREATED [42]: Presents a universal defense strategy named TREATED, which leverages multiple reference models to differentiate predictions between original and adversarial data. Adversarial instances, when identified, are restricted from entering the classification model and are instead utilized for adversarial training to enhance model robustness.…”

Section: E Baseline Defense Methodsmentioning

confidence: 99%

“…Building upon ScRNN, ScRNN with Fallbacks [41] offers mechanisms to handle 'unknown' words by either leaving them as is, substituting with a neutral term, or turning to an extensive word recognition model. TREATED [42] stands out by defending against universal disturbances without assumptions, relying on multiple reference models to predict on both clean and adversarial samples. The consistency of these models across datasets is its key strength.…”

Section: B Defensementioning

confidence: 99%

See 1 more Smart Citation

ZDDR: A Zero-Shot Defender for Adversarial Samples Detection and Restoration

Chen,

He,

2024

IEEE Access

View full text Add to dashboard Cite

Natural language processing (NLP) models find extensive applications but face vulnerabilities against adversarial inputs. Traditional defenses lean heavily on supervised detection techniques, which makes them vulnerable to issues arising from training data quality, inherent biases, noise, or adversarial inputs. This study observed common compromises in sentence fluency during aggression. On this basis, the Zero Sample Defender (ZDDR) is introduced for adversarial sample detection and recovery without relying on prior knowledge. ZDDR combines the log probability calculated by the model and the syntactic normative score of a large language model (LLM) to detect adversarial examples. Furthermore, using strategic prompts, ZDDR guides LLM in rephrasing adversarial content, maintaining clarity, structure, and meaning, thereby restoring the sentence from the attack. Benchmarking reveals a 9% improvement in area under receiver operating characteristic curve (AUROC) for adversarial detection over existing techniques. Post-restoration, model classification efficacy surges by 45% compared to the offensive inputs, setting new performance standards against other restoration techniques.

show abstract

Section: E Baseline Defense Methodsmentioning

confidence: 99%

Section: B Defensementioning

confidence: 99%

ZDDR: A Zero-Shot Defender for Adversarial Samples Detection and Restoration

Chen,

He,

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…They further proposed defense strategies by detection of hacked inputs and output correct results and preserving the correct input and giving its output. In a different line, the work Zhu et al [139] proposed a universal perturbation detection method, TREATED to defend against various perturbation levels without making any priory assumptions. They utilized several reference models to make different predictions about clean and adversarial examples and block them if found adversarial.…”

Section: Perturbation Identification and Correctionmentioning

confidence: 99%

A survey in Adversarial Defences and Robustness in NLP

Goyal¹,

Doddapaneni²,

Khapra³

et al. 2022

Preprint

View full text Add to dashboard Cite

In recent years, it has been seen that deep neural networks are lacking robustness and are likely to break in case of adversarial perturbations in input data. Strong adversarial attacks are proposed by various authors for computer vision and Natural Language Processing (NLP). As a counter-effort, several defense mechanisms are also proposed to save these networks from failing. In contrast with image data, generating adversarial attacks and defending these models is not easy in NLP because of the discrete nature of the text data. However, numerous methods for adversarial defense are proposed of late, for different NLP tasks such as text classification, named entity recognition, natural language inferencing, etc. These methods are not just used for defending neural networks from adversarial attacks, but also used as a regularization mechanism during training, saving the model from overfitting. The proposed survey is an attempt to review different methods proposed for adversarial defenses in NLP in the recent past by proposing a novel taxonomy. This survey also highlights the fragility of the advanced deep neural networks in NLP and the challenges in defending them.

show abstract

TREATED:Towards Universal Defense against Textual Adversarial Attacks

Cited by 2 publications

References 25 publications

ZDDR: A Zero-Shot Defender for Adversarial Samples Detection and Restoration

ZDDR: A Zero-Shot Defender for Adversarial Samples Detection and Restoration

A survey in Adversarial Defences and Robustness in NLP

Contact Info

Product

Resources

About