Generating Black-Box Adversarial Examples for Text Classifiers Using a Deep Reinforced Model

• dc.contributor.author: Vijayaraghavan, P
• dc.contributor.author: Roy, D
• dc.date.issued: 2020
• dc.identifier.uri: https://hdl.handle.net/1721.1/137065
• dc.description.abstract: © Springer Nature Switzerland AG 2020. Recently, generating adversarial examples has become an important means of measuring robustness of a deep learning model. Adversarial examples help us identify the susceptibilities of the model and further counter those vulnerabilities by applying adversarial training techniques. In natural language domain, small perturbations in the form of misspellings or paraphrases can drastically change the semantics of the text. We propose a reinforcement learning based approach towards generating adversarial examples in black-box settings. We demonstrate that our method is able to fool well-trained models for (a) IMDB sentiment classification task and (b) AG’s news corpus news categorization task with significantly high success rates. We find that the adversarial examples generated are semantics-preserving perturbations to the original text.
• dc.language.iso: en
• dc.publisher: Springer International Publishing
• dc.relation.isversionof: 10.1007/978-3-030-46147-8_43
• dc.source: arXiv
• dc.type: Article
• dc.identifier.citation: Vijayaraghavan, P and Roy, D. 2020. "Generating Black-Box Adversarial Examples for Text Classifiers Using a Deep Reinforced Model." Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 11907 LNAI.
• dc.contributor.department: Massachusetts Institute of Technology. Media Laboratory
• dc.relation.journal: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
• dc.eprint.version: Author's final manuscript
• mit.journal.volume: 11907 LNAI