摘要
文本对抗攻击能够极大地弱化深度神经网络在自然语言处理任务中的判别能力,对抗攻击方法的研究是提升深度神经网络鲁棒性的重要方法。现有的词级别文本对抗方法在搜索对抗样本时不够有效,搜索到的往往不是最理想的样本。针对这一缺陷,提出了基于改进的量子行为粒子群优化算法的文本对抗方法。通过对量子行为粒子群优化算法进行离散化的适应性改动,更有效地搜索出高质量的对抗样本。实验结果表明,提出的方法在多个数据集上取得了更高的攻击成功率,同时保持了更低的改动率,人工评测则表明提出的方法生成的对抗样本相比于其他对抗样本能够更多地保留语法和语义的正确性。
Deep neural networks have been proved to be vulnerable to adversarial attacks,and research on adversarial attacks is an important method to improve the robustness of deep neural networks.The existing word level adversarial attack methods for texts are not effective enough,and always generate adversarial examples which are not the ideal ones.To solve this problem,an attack method which employs improved quantum behaved particle swarm optimization(QPSO)algorithm is proposed.By modifying QPSO to adapt the discreteness,high quality adversarial examples can be searched more effectively.The experiment results show that the proposed method can achieve higher attack success rates and lower modification rates on multiple datasets.The human evaluation shows that adversarial examples generated by the proposed method can retain more grammatical and semantic correctness than other adversarial examples.
作者
徐尹翔
陈祺东
孙俊
XU Yinxiang;CHEN Qidong;SUN Jun(School of Artificial Intelligence and Computer Science,Jiangnan University,Wuxi,Jiangsu 214122,China)
出处
《计算机工程与应用》
CSCD
北大核心
2022年第9期175-180,共6页
Computer Engineering and Applications
基金
国家重点研发计划重点专项(2018YFC1603300,2018YFC1603303)。
关键词
文本对抗攻击
量子行为粒子群优化算法
自然语言处理
text adversarial attack
quantum behaved particle swarm optimization
natural language processing