| 面向中文文本倾向性分类的对抗样本生成方法 |
| |
| 引用本文: | 王文琦,汪润,王丽娜,唐奔宵.面向中文文本倾向性分类的对抗样本生成方法[J].软件学报,2019,30(8):2415-2427. |
| |
| 作者姓名: | 王文琦 汪润 王丽娜 唐奔宵 |
| |
| 作者单位: | 空天信息安全与可信计算教育部重点实验室(武汉大学), 湖北 武汉 430072;武汉大学 国家网络安全学院, 湖北 武汉 430072,空天信息安全与可信计算教育部重点实验室(武汉大学), 湖北 武汉 430072;武汉大学 国家网络安全学院, 湖北 武汉 430072,空天信息安全与可信计算教育部重点实验室(武汉大学), 湖北 武汉 430072;武汉大学 国家网络安全学院, 湖北 武汉 430072,空天信息安全与可信计算教育部重点实验室(武汉大学), 湖北 武汉 430072;武汉大学 国家网络安全学院, 湖北 武汉 430072 |
| |
| 基金项目: | 国家自然科学基金(61876134);国家重点研发计划(2016YFB0801100);中央高校基本科研业务费专项资金(2042018kf1028) |
| |
| 摘 要: | 研究表明,在深度神经网络(DNN)的输入中添加小的扰动信息,能够使得DNN出现误判,这种攻击被称为对抗样本攻击.而对抗样本攻击也存在于基于DNN的中文文本的情感倾向性检测中,因此提出了一种面向中文文本的对抗样本生成方法WordHanding.该方法设计了新的词语重要性计算算法,并用同音词替换以生成对抗样本,用于在黑盒情况下实施对抗样本攻击.采用真实的数据集(京东购物评论和携程酒店评论),在长短记忆网络(LSTM)和卷积神经网络(CNN)这两种DNN模型上验证该方法的有效性.实验结果表明,生成的对抗样本能够很好地误导中文文本的倾向性检测系统.
|
| 关 键 词: | 中文文本 对抗样本 深度学习模型 评分函数 黑盒 |
| 收稿时间: | 2018/5/31 0:00:00 |
| 修稿时间: | 2018/9/21 0:00:00 |
Adversarial Examples Generation Approach for Tendency Classification on Chinese Texts |
| |
| WANG Wen-Qi,WANG Run,WANG Li-Na and Tang Ben-Xiao.Adversarial Examples Generation Approach for Tendency Classification on Chinese Texts[J].Journal of Software,2019,30(8):2415-2427. |
| |
| Authors: | WANG Wen-Qi WANG Run WANG Li-Na and Tang Ben-Xiao |
| |
| Affiliation: | Key Laboratory of Aerospace Information Security and Trusted Computing(Wuhan University), Ministry of Education, Wuhan 430072, China;School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China,Key Laboratory of Aerospace Information Security and Trusted Computing(Wuhan University), Ministry of Education, Wuhan 430072, China;School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China,Key Laboratory of Aerospace Information Security and Trusted Computing(Wuhan University), Ministry of Education, Wuhan 430072, China;School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China and Key Laboratory of Aerospace Information Security and Trusted Computing(Wuhan University), Ministry of Education, Wuhan 430072, China;School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China |
| |
| Abstract: | Studies have shown that the adversarial example attack is that small perturbations are added on the input to make deep neural network (DNN) misbehave. Meanwhile, these attacks also exist in Chinese text sentiment orientation classification based on DNN and a method "WordHandling" is proposed to generate this kind of adversarial examples. This method designs a new algorithm aiming at calculating important words. Then the words are replaced with homonym to generate adversarial examples, which are used to conduct an adversarial example attack in black-box scenario. This study also verifies the effectiveness of the proposed method with real data set, i.e. Jingdong shopping and Ctrip hotel review, on long short-term memory network (LSTM) and convolutional neural network (CNN). The experimental results show that the adversarial examples in this study can mislead Chinese text orientation detection system well. |
| |
| Keywords: | Chinese text adversarial examples deep learning models score function black box |
|
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
