TITLE:
FastAttacker: Semantic Perturbation Functions via Three Classifications
AUTHORS:
Meng Lu
KEYWORDS:
FastAttack, Text Learning, Deep Neural Network
JOURNAL NAME:
Journal of Information Security,
Vol.14 No.2,
April
28,
2023
ABSTRACT: Deep neural networks (DNNs) have achieved great
success in tasks such as image
classification, speech recognition, and natural language processing. However,
they are susceptible to false predictions caused by adversarial exemplars,
which are normal inputs with imperceptible perturbations. Adversarial samples
have been widely studied in image classification, but not as much in text
classification. Current textual attack methods often rely on low-success-rate
heuristic replacement strategies at the character or word level, which cannot
search for the best solution while maintaining semantic consistency and
linguistic fluency. Our framework, FastAttacker, generates natural adversarial
text efficiently and effectively by constructing different semantic
perturbation functions. It optimizes perturbations constrained in generic
semantic spaces, such as the typo space, knowledge space, contextualized
semantic space, or a combination. As a
result, the generated adversarial texts are semantically close to the
original inputs. Experiments show that FastAttacker generates adversarial texts
from different levels of spatial constraints, making the problem of finding synonyms an optimal solution problem. Our
approach is not only robust in terms of attack generation, but also in
terms of adversarial defense. Experiments have shown that state-of-the-art
language models and defense strategies are still vulnerable to FastAttack
attacks.