
Performance Improvement of Classification Model Based on Adversarial Sample Generation

  • Conference paper
  • Machine Learning for Cyber Security (ML4CS 2022)

Abstract

Harmful content on the Internet is commonly filtered by neural network models, which are themselves easy targets for adversarial samples of various kinds. To improve the text-filtering ability of such a model, the filter must learn more features of harmful text, in particular the features it currently fails to recognize. A richer and more diverse high-quality data set is therefore one of the most promising ways to raise the accuracy of a neural filtering model. First, for the generation of Chinese adversarial samples, we propose a method that uses the GPT2 model to generate semantically similar adversarial samples. Second, we propose a mutation strategy with three mutation methods (homophone substitution, visually similar character replacement and letter replacement) to extend the data set and thereby improve the performance of classification models. After retraining the classifier on the expanded data set, the accuracy of the classifier's LSTM model improves from 82% to 93%.
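The mutation step of the abstract, as an added illustration that is not code from the paper: three substitution tables stand in for the homophone, visual and letter-replacement methods, each labelled sample is expanded with one mutant per method while keeping its label, and a helper lists the harmful samples a plain keyword match would miss, i.e. the feature information the retrained classifier gains. The character pairs, the toy samples and the keyword list are constructed for this example; the GPT2 generation step is not reproduced.

```python
import math
import random

# Constructed substitution tables for the three mutation methods named in the
# abstract. The pairs are illustrative and NOT taken from the paper: each maps
# a character to one that sounds alike (homophone), looks alike (visual) or
# spells it with Latin letters (pinyin, "letters replaced").
HOMOPHONE = {"加": "佳", "微": "薇", "信": "芯", "转": "专", "账": "帐"}
VISUAL = {"日": "曰", "己": "已", "大": "太", "天": "夭", "人": "入"}
LETTER = {"加": "jia", "微": "wei", "信": "xin", "群": "qun"}
STRATEGIES = {"homophone": HOMOPHONE, "visual": VISUAL, "letter": LETTER}


def mutate(text, strategy, max_ratio=0.3, seed=0):
    """Return a variant of `text` produced by one mutation strategy.

    At most ceil(max_ratio * len(text)) characters are substituted (and at
    least one when any candidate exists), so the mutant stays close to the
    original and keeps its meaning and label. The seed makes the choice of
    substituted positions reproducible.
    """
    table = STRATEGIES[strategy]
    rng = random.Random(seed)
    candidates = [i for i, ch in enumerate(text) if ch in table]
    budget = min(len(candidates), max(1, math.ceil(max_ratio * len(text))))
    chosen = set(rng.sample(candidates, budget))
    return "".join(table[ch] if i in chosen else ch for i, ch in enumerate(text))


def expand_dataset(samples, max_ratio=0.3, seed=0):
    """Extend a labelled data set with one mutant per strategy per sample.

    `samples` is a list of (text, label). Mutants keep the label of their
    source. Variants identical to an existing text (e.g. when no character
    of the text appears in a table) are dropped so the set has no duplicates.
    """
    expanded = list(samples)
    seen = {text for text, _ in samples}
    for n, (text, label) in enumerate(samples):
        for k, strategy in enumerate(STRATEGIES):
            variant = mutate(text, strategy, max_ratio, seed=seed + 1000 * n + k)
            if variant not in seen:
                seen.add(variant)
                expanded.append((variant, label))
    return expanded


def uncovered_by_keywords(samples, keywords, bad_label="bad"):
    """Return the bad-labelled texts that contain none of `keywords`.

    These are the samples a keyword-based filter would miss and therefore
    the feature information the retrained classifier gains from the
    expanded set.
    """
    return [t for t, lab in samples
            if lab == bad_label and not any(k in t for k in keywords)]


# Constructed toy data set: one scam-style contact solicitation labelled
# "bad" and one benign sentence labelled "good", labelled by hand here.
SAMPLES = [("加微信转账", "bad"), ("今天天气很好", "good")]

if __name__ == "__main__":
    expanded = expand_dataset(SAMPLES, max_ratio=1.0)
    for text, label in expanded:
        print(f"{label:5s} {text}")
    print("missed by keyword filter:",
          uncovered_by_keywords(expanded, ["微信", "转账"]))
```

Running the script with `max_ratio=1.0` replaces every mappable character so each mutation is visible; in practice a small ratio (the default 0.3) keeps mutants semantically close to their source, which is what makes the inherited label trustworthy for retraining.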



Acknowledgements

This research is funded by the National Key R&D Program of China (No. 2018YFB0804102), the Key Projects of the NSFC Joint Fund of China (No. U1866209) and the National Natural Science Foundation of China (No. 61772162).

Author information

Corresponding author: Zhendong Wu.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Jiang, Q., Kang, J., Wu, Z. (2023). Performance Improvement of Classification Model Based on Adversarial Sample Generation. In: Xu, Y., Yan, H., Teng, H., Cai, J., Li, J. (eds) Machine Learning for Cyber Security. ML4CS 2022. Lecture Notes in Computer Science, vol 13656. Springer, Cham. https://doi.org/10.1007/978-3-031-20099-1_6


  • DOI: https://doi.org/10.1007/978-3-031-20099-1_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-20098-4

  • Online ISBN: 978-3-031-20099-1

  • eBook Packages: Computer Science, Computer Science (R0)
