Abstract
Prompt-based learning has proved to be an effective approach for pre-trained language models (PLMs), especially in low-resource scenarios such as few-shot settings. However, the trustworthiness of PLMs is of paramount importance, and potential vulnerabilities have been shown in prompt-based templates that can mislead the predictions of language models, raising serious security concerns. In this paper, we shed light on some vulnerabilities of PLMs by proposing a prompt-based adversarial attack on manual templates in black-box scenarios. First, we design character-level and word-level heuristic approaches to break manual templates separately. Then we present a greedy algorithm for the attack based on these heuristic destructive approaches. Finally, we evaluate our approach on classification tasks with three variants of BERT series models and eight datasets. Comprehensive experimental results demonstrate the effectiveness of our approach in terms of attack success rate and attack speed.
Supported by Guangdong Provincial Key-Area Research and Development Program (2022B0101010005), Qinghai Provincial Science and Technology Research Program (2021-QY-206), National Natural Science Foundation of China (62071201), and Guangdong Basic and Applied Basic Research Foundation (No.2022A1515010119).
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Tan, Z., Chen, Q., Zhu, W., Huang, Y. (2024). COVER: A Heuristic Greedy Adversarial Attack on Prompt-Based Learning in Language Models. In: Liu, F., Sadanandan, A.A., Pham, D.N., Mursanto, P., Lukose, D. (eds) PRICAI 2023: Trends in Artificial Intelligence. PRICAI 2023. Lecture Notes in Computer Science, vol 14326. Springer, Singapore. https://doi.org/10.1007/978-981-99-7022-3_30
DOI: https://doi.org/10.1007/978-981-99-7022-3_30
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-7021-6
Online ISBN: 978-981-99-7022-3
eBook Packages: Computer Science, Computer Science (R0)