文本对抗样本攻击与防御技术综述

对抗样本攻击与防御是最近几年兴起的一个研究热点,攻击者通过微小的修改生成对抗样本来使深度神经网络预测出错。生成的对抗样本可以揭示神经网络的脆弱性,并可以修复这些脆弱的神经网络以提高模型的安全性和鲁棒性。对抗样本的攻击对象可以分为图像和文本两种,大部分研究方法和成果都针对图像领域,由于文本与图像本质上的不同,在攻击和防御方法上存在很多差异。该文对目前主流的文本对抗样本攻击与防御方法做出了较为详尽的介绍,同时说明了数据集、主流攻击的目标神经网络,并比较了不同攻击方法的区别。最后总结文本对抗样本领域面临的挑战,并对未来的研究进行展望。

Adversarial Text Attack and Defense: A Review

Adversarial attack and defense is a popular research issue in recent years. Attackers use small modifications to generate adversarial examples to cause prediction errors from the deep neural network. The generated adversarial examples can reveal the vulnerability of the neural network, which can be repaired to improve the security and robustness of the model. This paper gives a more detailed and comprehensive introduction to the current mainstream adversarial text example attack and defense methods, the data set together with the target neural network of the mainstream attack. We also compare the differences between different attack methods in this paper. Finally, the challenges of the adversarial text examples and the prospect of future research are summarized.