2020BCS-北京网络安全大会：针对现实应用的文本对抗攻击研究.pdf

《2020BCS-北京网络安全大会：针对现实应用的文本对抗攻击研究.pdf》由会员分享，可在线阅读，更多相关《2020BCS-北京网络安全大会：针对现实应用的文本对抗攻击研究.pdf（36页珍藏版）》请在三个皮匠报告上搜索。

1、LEHIGH浙江大学BerkeleyUNIVERSITYZhejiangUniversityTextBugger: Generating Adversarial Text AgainstReal-worldApplicationsJinfeng LiShouling JiTianyu DuBo LiTingWangINFORSEC2020#page#Machine Learning For Natural Language ProcessingSentiment AnalysisNegativInformation ExtractionInformation RetrievalMachine

2、LearningTasksForMultipleMachine TranslationQuestion Answering22020/8/21#page#Machine Learning As A Service For NLPMicrosoftGoogleawsAzureCloud PlatformEWATSONfastTextParallelDotsGoogle PerspectiveRThey SayAYLIENmashape2020/8/21#page#Breaking Thing Is EasyRecent works have revealed the vulnerabilitie

3、s of DNNs in image and speech domain The DNNS forimage classification are vulnerable to adversarialimages.Goodfellow et al.， ICLR15 Automatic speech recognition systems can be broken down by adversarial audios in physical world.IYuan et al.，USENIX18iV(o.y）买，Open hedoor100XnoamMOH99.3号。Do the adversa

4、rial examples also exist in text domain？Are the MLaaS for NLP also vulnerable to adversarial examples？2020/8/21#page#Preliminaries2020/8/21#page#Adversarial TextWhat is the adversarial text？Carefully generated by adding small perturbations to thelegitimate text.Task:Sentiment Analysis.ClassiferAmazo

5、n AWS.Originallabel:100%NegativeAdversariallabel89%Positive.uu apeu seM alou SIuMesISasoalpor o ueyanHwelasneag Auu Auaal alou Slu pauemlxeLeunoun Atnetf uBiu elam suoeoadxe u ossasuuoed uuuM pleme esOu uamaqthought the movie was terible terribleandlm stil left wondering how shewas everpersuaded to

6、makethis movie.TheScriptisreallyweakweak.Whatisthe challenge forgenerating adversarialtexts？ The discrete property of text makes it hard to optimize. Small perturbations in text are usually clearly perceptible， Replacement of a single word may drastically alter the semantics of the sentence2020/8/21