Skip to main content
SpringerLink
Log in

Chinese adversarial examples generation approach with multi-strategy based on semantic

  • Regular Paper
  • Published:
Knowledge and Information Systems Aims and scope Submit manuscript

Abstract

Recent studies have shown that after adding small perturbations that are imperceptible to humans, deep neural networks (DNNs) with good performance and popular application are likely to produce incorrect results. These processed samples are called adversarial examples. High-quality adversarial examples help to increase the accuracy of estimating the robustness of the network model, thereby reducing the security risks behind the unreal high accuracy of the model. And there are few existing researches on Chinese texts in this field, therefore, this paper proposes a Chinese adversarial examples generation approach with multi-strategy based on semantic called GreedyAttack. Based on the analysis of the characteristics of the Chinese version, the ranking of the influence of each word in the text is obtained according to the calculation formula of the word importance with the weighted part-of-speech. Next, five strategies including synonymous words, similar words of form, similar words of sound, pinyin rewriting, and phrase disassembly are combined to replace the original words, and then, the black box attack on the DNNs models is completed. The method is evaluated by attacking the BERT and ERNIE models on three data sets. The results indicate that the adversarial examples generated by the method can effectively reduce the accuracy of the model.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1

Similar content being viewed by others

Notes

  1. Che, Wanxiang Feng, Yunlong Qin, Libo Liu, Ting(2020)N-LTP: A Open-source Neural Chinese Language Technology Platform with Pretrained Models. https://github.com/HIT-SCIR/pyltp. Accessed 1 June 2021.

  2. Hai Liang Wang, Hu Ying Xi(2017)Synonyms. https://github.com/chatopera/Synonyms. Accessed 1 December 2020.

  3. Qi, Fanchao Yang, Chenghao Liu, Zhiyuan Dong, Qiang Sun, Maosong Dong et al. (2020) OpenHowNet: An Open Sememe-based Lexical Knowledge Base. https://github.com/thunlp/OpenHowNet. Accessed 1 December 2020.

  4. Google(2019)universal-sentence-encoder-multilingual. https://tfhub.dev/google/universal-sentence-encoder-multilingual/3. Accessed 1 June 2021.

  5. SophonPlus (2018) ChnSentiCorp_htl_all. https://github.com/SophonPlus/ChineseNlpCorpus. Accessed 1 December 2020.

  6. PaddlePaddle (2019) ERNIE. https://github.com/PaddlePaddle/ERNIE. Accessed 1 December 2020.

  7. Maosong Sun, Jingyang Li, Zhipeng Guo, Yu Zhao, Yabin Zheng, Xiance Si et al. (2016) THUCTC: An Efficient Chinese Text Classifier. http://thuctc.thunlp.org. Accessed 1 December 2020.

References

  1. Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D (2014) Intriguing properties of neural networks. CoRR arXiv:1312.6199

  2. Carlini N, Wagner D (2018) Targeted attacks on speech-to-text. In: IEEE security and privacy workshops, pp 1–7

  3. Jin D, Jin Z, Zhou JT, Szolovits P (2020) Is BERT really robust? A strong baseline for natural language attack on text classification and entailment. In: AAAI conference on artificial intelligence, pp 8018–8025

  4. Papernot N, McDaniel P, Swami A, Harang R (2016) Crafting adversarial input sequences for recurrent neural networks. In: IEEE military communications conference, pp 49–54

  5. Goodfellow IJ, Shlens J, Szegedy C (2015) Explaining and harnessing adversarial examples. CoRR arXiv:1412.6572

  6. Jia R, Liang P (2017) Adversarial examples for evaluating reading comprehension systems. In: Conference on empirical methods in natural language processing, pp 2021–2031

  7. Belinkov Y, Bisk Y (2018) Synthetic and natural noise both break neural machine translation. CoRR arXiv:1711.02173

  8. Glockner M, Shwartz V, Goldberg Y (2018) Breaking NLI systems with sentences that require simple lexical inferences. In: Annual meeting of the association for computational linguistics, pp 650–655

  9. Zhang WE, Sheng QZ, Alhazmi AAF, Li C (2020) Adversarial attacks on deep-learning models in natural language processing: a survey. ACM Trans Intell Syst Technol 11(3):24:1-24:41

    Google Scholar 

  10. Ebrahimi J, Rao A, Lowd D, Dou D (2018) HotFlip: white-box adversarial examples for text classification. In: Annual meeting of the association for computational linguistics, pp 31–36

  11. Ren S, Deng Y, He K, Che W (2019) Generating natural language adversarial examples through probability weighted word saliency. In: Conference of the association for computational linguistics, pp 1085–1097

  12. Niu T, Bansal M (2018) Adversarial over-sensitivity and over-stability strategies for dialogue models. In: Conference on computational natural language learning, pp 486–496

  13. Gao J, Lanchantin J, Soffa ML, Qi Y (2018) Black-box generation of adversarial text sequences to evade deep learning classifiers. In: IEEE security and privacy workshops, pp 50–56

  14. Li L, Ma R, Guo Q, Xue X, Qiu X (2020) BERT-ATTACK: adversarial attack against BERT using BERT. In: Conference on empirical methods in natural language processing, pp 6193–6202

  15. Wang W, Wang R, Wang L, Tang B (2019) Adversarial examples generation approach for tendency classification on Chinese texts. Ruan Jian Xue Bao/J Softw 30(08):2415–2427

    Google Scholar 

  16. Tong X, Wang L, Wang R, Wang J (2020) A generation method of word-level adversarial samples for Chinese text classification. Netinfo Secur 20(09):12–16

    Google Scholar 

  17. Zang Y, Qi F, Yang C, Liu Z, Zhang M, Liu Q, Sun M (2020) Word-level textual adversarial attacking as combinatorial optimization. In: Annual meeting of the association for computational linguistics, pp 6066–6080

  18. Chakraborty A, Alam M, Dey V, Chattopadhyay A, Mukhopadhyay D (2018) Adversarial attacks and defences: a survey. CoRR arXiv:1810.00069

  19. Vaswani A, Shazeer N, Parmar N, Uszkoreit J, Jones L, Gomez AN, Kaiser L, Polosukhin I (2017) Attention is all you need. In: Advances in neural information processing systems, pp 5998–6008

  20. Devlin J, Chang MW , Lee K, Toutanova K (2018) BERT: pre-training of deep bidirectional transformers for language understanding. CoRR arXiv:1810.04805

  21. Zhang Z, Han X, Liu Z, Jiang X, Sun M, Liu Q (2019) ERNIE: enhanced language representation with informative entities. In: Conference of the association for computational linguistics, pp 1441–1451

Download references

Author information

Authors and Affiliations

  1. Software College, Xinjiang University, Urumqi, 830008, China

    Hongxu Ou, Shengwei Tian & Xin Chen

  2. The Key Laboratory of Software Engineering, Xinjiang University, Urumqi, 830008, China

    Hongxu Ou & Xin Chen

  3. Network Center, Xinjiang University, Urumqi, 830046, China

    Long Yu

Authors
  1. Hongxu Ou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Long Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Shengwei Tian
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xin Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Long Yu.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This work was supported by the National Natural Science Foundation of China (61962057), Key Program of National Natural Science Foundation of China (U2003208), Major science and technology projects in the autonomous region (2020A03004-4), and Autonomous Region Key R&D Project (2021B01002).

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Ou, H., Yu, L., Tian, S. et al. Chinese adversarial examples generation approach with multi-strategy based on semantic. Knowl Inf Syst 64, 1101–1119 (2022). https://doi.org/10.1007/s10115-022-01652-1

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10115-022-01652-1

Keywords

Search

Navigation