In recent years,with the rapid development of natural language processing,the security issues related to it have attracted more and more attention.Character perturbation is a common security problem.It can try to comp...In recent years,with the rapid development of natural language processing,the security issues related to it have attracted more and more attention.Character perturbation is a common security problem.It can try to completely modify the input classification judgment of the target program without people’s attention by adding,deleting,or replacing several characters,which can reduce the effectiveness of the classifier.Although the current research has provided various methods of perturbation attacks on characters,the success rate of some methods is still not ideal.This paper mainly studies the sample generation of optimal perturbation characters and proposes a characterlevel text adversarial sample generation method.The goal is to use this method to achieve the best effect on character perturbation.After sentiment classification experiments,this model has a higher perturbation success rate on the IMDB dataset,which proves the effectiveness and rationality of this method for text perturbation and provides a reference for future research work.展开更多
基金This work was supported by the National Key Research and Development Plan(Grant Nos.2018YFB1800302 and 2019YFA0706404)the Natural Science Foundation of China(Grant No.61702013)+2 种基金Joint of Beijing Natural Science Foundation and Education Commission(Grant No.KZ201810009011)Beijing Natural Science Foundation(Grant Nos.4202020,19L2021)Science and Technology Innovation Project of North China University of Technology(Grant No.19XN108).
文摘In recent years,with the rapid development of natural language processing,the security issues related to it have attracted more and more attention.Character perturbation is a common security problem.It can try to completely modify the input classification judgment of the target program without people’s attention by adding,deleting,or replacing several characters,which can reduce the effectiveness of the classifier.Although the current research has provided various methods of perturbation attacks on characters,the success rate of some methods is still not ideal.This paper mainly studies the sample generation of optimal perturbation characters and proposes a characterlevel text adversarial sample generation method.The goal is to use this method to achieve the best effect on character perturbation.After sentiment classification experiments,this model has a higher perturbation success rate on the IMDB dataset,which proves the effectiveness and rationality of this method for text perturbation and provides a reference for future research work.
