Generating Black-Box Adversarial Examples for Text Classifiers Using a Deep Reinforced Model

Vijayaraghavan, P; Roy, D

Author(s)

Vijayaraghavan, P; Roy, D

DownloadAccepted version (635.4Kb)

Open Access Policy

Terms of use

Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/

Metadata

Show full item record

Abstract

© Springer Nature Switzerland AG 2020. Recently, generating adversarial examples has become an important means of measuring robustness of a deep learning model. Adversarial examples help us identify the susceptibilities of the model and further counter those vulnerabilities by applying adversarial training techniques. In natural language domain, small perturbations in the form of misspellings or paraphrases can drastically change the semantics of the text. We propose a reinforcement learning based approach towards generating adversarial examples in black-box settings. We demonstrate that our method is able to fool well-trained models for (a) IMDB sentiment classification task and (b) AG’s news corpus news categorization task with significantly high success rates. We find that the adversarial examples generated are semantics-preserving perturbations to the original text.

Date issued

2020

URI

https://hdl.handle.net/1721.1/137065

Department

Massachusetts Institute of Technology. Media Laboratory

Journal

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Publisher

Springer International Publishing

Citation

Vijayaraghavan, P and Roy, D. 2020. "Generating Black-Box Adversarial Examples for Text Classifiers Using a Deep Reinforced Model." Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 11907 LNAI.

Version: Author's final manuscript

Collections

MIT Open Access Articles