Abstract
In this paper, we propose a white-box attack algorithm called the “Global Search” method and compare it with simple misspelling noise and with a more sophisticated and common white-box attack approach called “Greedy Search”. The attack methods are evaluated on the Convolutional Neural Network (CNN) sentiment classifier trained on the IMDB movie review dataset. The attack success rate is used to evaluate the effectiveness of the attack methods, and the perplexity of the sentences is used to measure the degree of distortion of the generated adversarial examples. The experimental results show that the proposed “Global Search” method generates more powerful adversarial examples with less distortion or less modification to the source text.
Highlights
In the past few decades, machine learning and deep learning techniques have been successful in several applications
We propose a “Global Search” attack method that mitigates some of the problems faced in the commonly used greedy approach
The adversarial examples are fed into the Convolutional Neural Network (CNN) classifier to get the final prediction
Summary
In the past few decades, machine learning and deep learning techniques have been successful in several applications. The techniques developed so far have proven vulnerable to manipulated inputs, called adversarial examples, that humans can distinguish but algorithms cannot (Szegedy et al., 2014; Goodfellow et al., 2015). When generating an adversarial example, if the adversary does not have knowledge of the classifier or the training data, we call this a black-box setting. If the adversary has full knowledge of the classifier and the training data, we call this a white-box setting.