Skip to main content
SpringerLink
Log in

Rule-based adversarial sample generation for text classification

  • Review
  • Published:
Neural Computing and Applications Aims and scope Submit manuscript

Abstract

In Text Classification, modern neural networks have achieved great performance, but simultaneously, it is sensitive to adversarial examples. Existing studies usually use synonym replacement or token insertion strategies to generate adversarial examples. These strategies focus on obtaining semantically similar adversarial examples, but they ignore the richness of generating adversarial examples. To expand the richness of adversarial samples. Here, we propose a simple Rule-based Adversarial sample Generator (RAG) to generate adversarial samples by controlling the size of the perturbation added to the sentence matrix representation. Concretely, we introduce two methods to control the size of the added perturbation, i) Control the number of word replacements in sentences (RAG(R)); ii) Control the size of the offset value added to the sentence matrix representation (RAG(A)). Based on RAG, we will obtain numerous adversarial samples to make the model more robust to adversarial noise, and thereby improving the model’s generalization ability. Compared with the BERT and BiLSTM model baseline, experiments show that our method reduces the error rate by an average of 18% on four standard training datasets. Especially in low-training data scenarios, the overall average accuracy is increased by 12%. Extensive experimental results demonstrate that our method not only achieves excellent classification performance on the standard training datasets, but it still gets prominent performance on few-shot text classification.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. Blum A, Mitchell T (1998) Combining labeled and unlabeled data with co-training. In: Proceedings of the eleventh annual conference on Computational learning theory, pp 92–100

  2. Bakshi RK, Kaur N, Kaur R, Kaur G (2016) Opinion mining and sentiment analysis. In: 2016 3rd international conference on computing for sustainable global development (INDIACom), IEEE, pp 452–455

  3. Lewis DD, Yang Y, Rose TG, Li F (2004) Rcv1: a new benchmark collection for text categorization research. J Mach Learn Res 5(Apr):361–397

    Google Scholar 

  4. Hochreiter S, Schmidhuber J (1997) Long short-term memory. Neural Comput 9(8):1735–1780

    Article  Google Scholar 

  5. Cornegruta S, Bakewell R, Withey S, Montana G (2016) Modelling radiological language with bidirectional long short-term memory networks. In: Proceedings of the seventh international workshop on health text mining and information analysis, association for computational linguistics, Auxtin, TX, pp 17–27, https://doi.org/10.18653/v1/W16-6103

  6. Devlin J, Chang MW, Lee K, Toutanova K (2019) Bert: pre-training of deep bidirectional transformers for language understanding. In: NAACL-HLT (1)

  7. Papernot N, McDaniel P, Goodfellow I, Jha S, Celik ZB, Swami A (2017) Practical black-box attacks against machine learning. In: Proceedings of the 2017 ACM on Asia conference on computer and communications security, pp 506–519

  8. Kurakin A, Goodfellow I, Bengio S, et al. (2016) Adversarial examples in the physical world

  9. Goodfellow IJ, Shlens J, Szegedy C (2014) Explaining and harnessing adversarial examples. arXiv preprint arXiv:14126572

  10. Zhao Z, Dua D, Singh S (2018) Generating natural adversarial examples

  11. Ebrahimi J, Rao A, Lowd D, Dou D (2018) Hotflip: White-box adversarial examples for text classification. In: Proceedings of the 56th annual meeting of the association for computational linguistics (Vol 2: Short Papers), pp 31–36

  12. Li J, Monroe W, Jurafsky D (2016) Understanding neural networks through representation erasure. arXiv preprint arXiv:161208220

  13. Liang B, Li H, Su M, Bian P, Shi W (2018) Deep text classification can be fooled. In: IJCAI

  14. Ren S, Deng Y, He K, Che W (2019) Generating natural language adversarial examples through probability weighted word saliency. In: Proceedings of the 57th annual meeting of the association for computational linguistics, pp 1085–1097

  15. Jin D, Jin Z, Zhou JT, Szolovits P (2019) Is bert really robust? natural language attack on text classification and entailment. arXiv preprint arXiv:190711932 2

  16. Garg S, Ramakrishnan G (2020) Bae: Bert-based adversarial examples for text classification. In: Proceedings of the 2020 conference on empirical methods in natural language processing (EMNLP), pp 6174–6181

  17. Croce D, Castellucci G, Basili R (2020) Gan-bert: Generative adversarial learning for robust text classification with a bunch of labeled examples. In: Proceedings of the 58th annual meeting of the association for computational linguistics, pp 2114–2119

  18. Mahabal A, Baldridge J, Ayan BK, Perot V, Roth D (2019) Text classification with few examples using controlled generalization. In: Proceedings of the 2019 conference of the North American chapter of the association for computational linguistics: human language technologies, Volume 1 (Long and Short Papers), pp 3158–3167

  19. Mukherjee S, Awadallah A (2020) Uncertainty-aware self-training for few-shot text classification. Adv Neural Inf Process Syst 33:21199–21212

    Google Scholar 

  20. Moosavi-Dezfooli SM, Fawzi A, Fawzi O, Frossard P (2017) Universal adversarial perturbations. In: Proceedings of the IEEE conference on computer vision and pattern recognition, pp 1765–1773

  21. Zhengli Zhao SS Dheeru Dua (2017) Generating natural adversarial examples. CoRR abs/1710.11342

  22. Ebrahimi J, Rao A, Lowd D, Dou D (2017) Hotflip: White-box adversarial examples for text classification. arXiv preprint arXiv:171206751

  23. Li J, Ji S, Du T, Li B, Wang T (2018) Textbugger: Generating adversarial text against real-world applications. arXiv preprint arXiv:181205271

  24. Gao J, Lanchantin J, Soffa ML, Qi Y (2018) Black-box generation of adversarial text sequences to evade deep learning classifiers. In: 2018 IEEE security and privacy workshops (SPW), IEEE, pp 50–56

  25. Alzantot M, Sharma Y, Elgohary A, Ho BJ, Chang KW (2018) Generating natural language adversarial examples. In: Proceedings of the 2018 conference on empirical methods in natural language processing

  26. Ren S, Deng Y, He K, Che W (2019) Generating natural language adversarial examples through probability weighted word saliency. In: Proceedings of the 57th annual meeting of the association for computational linguistics, association for computational linguistics, Florence, Italy, pp 1085–1097, https://doi.org/10.18653/v1/P19-1103

  27. Ribeiro MT, Singh S, Guestrin C (2018) Semantically equivalent adversarial rules for debugging nlp models. In: Proceedings of the 56th annual meeting of the association for computational linguistics (Vol 1: Long Papers)

  28. Goodfellow IJ, Shlens J, Szegedy C (2015) Explaining and harnessing adversarial examples. Stat 1050:20

    Google Scholar 

  29. Werbos PJ (1988) Generalization of backpropagation with application to a recurrent gas market model. Neural Netw 1(4):339–356

    Article  Google Scholar 

  30. Sachan DS, Zaheer M, Salakhutdinov R (2019) Revisiting lstm networks for semi-supervised text classification via mixed objective function. Proc AAAI Conf Artif Intell 33:6940–6948

    Google Scholar 

  31. Maas AL, Daly RE, Pham PT, Huang D, Potts C (2011) Learning word vectors for sentiment analysis. In: meeting of the association for computational linguistics: human language technologies

  32. Johnson R, Zhang T (2015) Effective use of word order for text categorization with convolutional neural networks. In: Proceedings of the 2015 conference of the North American chapter of the association for computational linguistics: human language technologies, pp 103–112

  33. Zhang X, Zhao J, Lecun Y (2015) Character-level convolutional networks for text classification. Neural Inf Process Syst

  34. Schuster M, Paliwal KK (1997) Bidirectional recurrent neural networks. IEEE Trans Signal Process 45(11):2673–2681

    Article  Google Scholar 

  35. Mikolov T, Grave É, Bojanowski P, Puhrsch C, Joulin A (2018) Advances in pre-training distributed word representations. In: Proceedings of the eleventh international conference on language resources and evaluation (LREC 2018)

  36. Mikolov T, Sutskever I, Chen K, Corrado G, Dean J (2013) Distributed representations of words and phrases and their compositionality. Adv Neural Inf Process Syst 26

  37. Kingma D, Ba J (2014) Adam: a method for stochastic optimization. Comput Sci

  38. Kim Y (2014) Convolutional neural networks for sentence classification. In: Proceedings of the 2014 conference on empirical methods in natural language processing (EMNLP), association for computational linguistics, Doha, Qatar, pp 1746–1751, https://doi.org/10.3115/v1/D14-1181

  39. Johnson R, Zhang T (2017) Deep pyramid convolutional neural networks for text categorization. In: Proceedings of the 55th annual meeting of the association for computational linguistics (Vol 1: Long Papers), association for computational linguistics, Vancouver, Canada, pp 562–570, https://doi.org/10.18653/v1/P17-1052

  40. Joulin A, Grave É, Bojanowski P, Mikolov T (2017) Bag of tricks for efficient text classification. In: Proceedings of the 15th conference of the European chapter of the association for computational linguistics, Vol 2, Short Papers, pp 427–431

  41. Sachan DS, Zaheer M, Salakhutdinov R (2019) Revisiting lstm networks for semi-supervised text classification via mixed objective function. Proc AAAI Conf Artif Intell 33:6940–6948

    Google Scholar 

  42. Li P, Zhong P, Mao K, Wang D, Yang X, Liu Y, Jx Yin, See S (2021) Act: an attentive convolutional transformer for efficient text classification. Proc AAAI Conf Artif Intell 35:13261–13269

    Google Scholar 

  43. Radford A, Wu J, Child R, Luan D, Amodei D, Sutskever I et al (2019) Language models are unsupervised multitask learners. OpenAI Blog 1(8):9

    Google Scholar 

  44. Liu Y, Ott M, Goyal N, Du J, Joshi M, Chen D, Levy O, Lewis M, Zettlemoyer L, Stoyanov V (2019) Roberta: a robustly optimized bert pretraining approach. arXiv preprint arXiv:190711692

Download references

Acknowledgements

This work was supported by the Innovation Foundation of Science and Technology of Dalian under Grant No. 2018J12GX045 and National Key R&D Program of China under Grant No. 2018AAA0100300.

Author information

Author notes

  1. Nianmin Yao & Jian Zhao

    Present address: Ningbo Institute of Dalian University of Technology, Ningbo, China

Authors and Affiliations

  1. School of Computer Science, Dalian University of Technology, Dalian, 116024, China

    Nai Zhou & Nianmin Yao

  2. School of Automotive Engineering, Dalian University of Technology, Dalian, 116024, China

    Jian Zhao

  3. Automotive Data of China Co. Ltd, Tianjin, 300300, China

    Yanan Zhang

Authors
  1. Nai Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nianmin Yao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jian Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yanan Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nianmin Yao.

Ethics declarations

Conflict of interest

We declare that we have no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Zhou, N., Yao, N., Zhao, J. et al. Rule-based adversarial sample generation for text classification. Neural Comput & Applic 34, 10575–10586 (2022). https://doi.org/10.1007/s00521-022-07184-7

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00521-022-07184-7

Keywords

Search

Navigation