Abstract
Recent studies have shown that deep neural networks (DNNs), despite their good performance and wide application, are likely to produce incorrect results once small perturbations imperceptible to humans are added to their inputs. These processed samples are called adversarial examples. High-quality adversarial examples help estimate the robustness of a network model more accurately, thereby reducing the security risks hidden behind the model's unrealistically high accuracy. Because little existing research in this field addresses Chinese text, this paper proposes GreedyAttack, a semantics-based, multi-strategy approach for generating Chinese adversarial examples. Based on an analysis of the characteristics of Chinese text, the words in a text are ranked by influence using a word-importance formula weighted by part of speech. Next, five strategies (synonyms, words similar in form, words similar in sound, pinyin rewriting, and phrase disassembly) are combined to replace the original words, completing a black-box attack on the DNN models. The method is evaluated by attacking the BERT and ERNIE models on three data sets. The results indicate that the adversarial examples generated by the method can effectively reduce the accuracy of the models.
Notes
Che, Wanxiang; Feng, Yunlong; Qin, Libo; Liu, Ting (2020) N-LTP: An Open-source Neural Chinese Language Technology Platform with Pretrained Models. https://github.com/HIT-SCIR/pyltp. Accessed 1 June 2021.
Hai Liang Wang, Hu Ying Xi (2017) Synonyms. https://github.com/chatopera/Synonyms. Accessed 1 December 2020.
Qi, Fanchao; Yang, Chenghao; Liu, Zhiyuan; Dong, Qiang; Sun, Maosong; Dong et al. (2020) OpenHowNet: An Open Sememe-based Lexical Knowledge Base. https://github.com/thunlp/OpenHowNet. Accessed 1 December 2020.
Google (2019) universal-sentence-encoder-multilingual. https://tfhub.dev/google/universal-sentence-encoder-multilingual/3. Accessed 1 June 2021.
SophonPlus (2018) ChnSentiCorp_htl_all. https://github.com/SophonPlus/ChineseNlpCorpus. Accessed 1 December 2020.
PaddlePaddle (2019) ERNIE. https://github.com/PaddlePaddle/ERNIE. Accessed 1 December 2020.
Maosong Sun, Jingyang Li, Zhipeng Guo, Yu Zhao, Yabin Zheng, Xiance Si et al. (2016) THUCTC: An Efficient Chinese Text Classifier. http://thuctc.thunlp.org. Accessed 1 December 2020.
Additional information
This work was supported by the National Natural Science Foundation of China (61962057), Key Program of National Natural Science Foundation of China (U2003208), Major science and technology projects in the autonomous region (2020A03004-4), and Autonomous Region Key R&D Project (2021B01002).
About this article
Cite this article
Ou, H., Yu, L., Tian, S. et al. Chinese adversarial examples generation approach with multi-strategy based on semantic. Knowl Inf Syst 64, 1101–1119 (2022). https://doi.org/10.1007/s10115-022-01652-1
DOI: https://doi.org/10.1007/s10115-022-01652-1