26 research outputs found

    Is BERT Really Robust? A Strong Baseline for Natural Language Attack on Text Classification and Entailment

    Full text link
    Machine learning algorithms are often vulnerable to adversarial examples that have imperceptible alterations from the original counterparts but can fool the state-of-the-art models. Exposing maliciously crafted adversarial examples helps to evaluate and even improve the robustness of these models. In this paper, we present TextFooler, a simple but strong baseline for generating natural adversarial text. By applying it to two fundamental natural language tasks, text classification and textual entailment, we successfully attacked three target models, including the powerful pre-trained BERT and the widely used convolutional and recurrent neural networks. We demonstrate the advantages of this framework in three ways: (1) effective---it outperforms state-of-the-art attacks in terms of success rate and perturbation rate; (2) utility-preserving---it preserves semantic content and grammaticality, and remains correctly classified by humans; and (3) efficient---it generates adversarial text with computational complexity linear in the text length. The code, pre-trained target models, and test examples are available at https://github.com/jind11/TextFooler. Comment: AAAI 2020 (Oral)
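    As a rough illustration of the greedy procedure the abstract describes, the sketch below ranks words by importance and then substitutes synonyms until the target model's prediction flips. The `classify` and `synonyms` callables are hypothetical stand-ins (the paper uses a counter-fitted-embedding synonym lookup), and the paper's part-of-speech and sentence-similarity filters are omitted; this is a sketch of the general approach, not the authors' implementation.

```python
# Minimal sketch of a TextFooler-style greedy attack, not the authors' code.
# `classify` returns one probability per class; `synonyms` returns candidate
# replacements for a word. Both are hypothetical stand-ins.
from typing import Callable, List, Optional

def word_importance(words: List[str], label: int,
                    classify: Callable[[str], List[float]]) -> List[float]:
    """Score each word by the drop in true-label probability when it is deleted."""
    base = classify(" ".join(words))[label]
    return [base - classify(" ".join(words[:i] + words[i + 1:]))[label]
            for i in range(len(words))]

def textfooler_attack(text: str, label: int,
                      classify: Callable[[str], List[float]],
                      synonyms: Callable[[str], List[str]]) -> Optional[str]:
    words = text.split()
    scores = word_importance(words, label, classify)
    # Visit words from most to least important, greedily substituting synonyms.
    for i in sorted(range(len(words)), key=scores.__getitem__, reverse=True):
        best_word, best_prob = words[i], classify(" ".join(words))[label]
        for cand in synonyms(words[i]):
            trial = words[:i] + [cand] + words[i + 1:]
            probs = classify(" ".join(trial))
            if probs.index(max(probs)) != label:
                words[i] = cand
                return " ".join(words)      # model fooled: attack succeeds
            if probs[label] < best_prob:    # otherwise keep the most damaging synonym
                best_word, best_prob = cand, probs[label]
        words[i] = best_word
    return None                             # no adversarial example found
```

    Because each word is visited once against a bounded synonym set, the number of model queries grows linearly with the text length, which is consistent with the efficiency claim above.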

    Sentiment spin: Attacking financial sentiment with GPT-3

    Full text link
    In this study, we explore the susceptibility of financial sentiment analysis to adversarial attacks that manipulate financial texts. With the rise of AI readership in the financial sector, companies are adapting their language and disclosures to better fit AI processing, leading to concerns about the potential for manipulation. In the finance literature, keyword-based methods, such as dictionaries, are still widely used for financial sentiment analysis due to their perceived transparency. However, our research demonstrates the vulnerability of keyword-based approaches by successfully generating adversarial attacks using the large transformer model GPT-3. With a success rate of nearly 99% for negative sentences in the Financial Phrase Bank, a widely used database for financial sentiment analysis, we highlight the importance of adopting robust, context-aware methods such as BERT in financial sentiment analysis.
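    To see why keyword-based methods are so easy to attack, consider a minimal dictionary scorer with hypothetical word lists: a paraphrase that simply avoids the listed negative words neutralizes the score without changing the meaning.

```python
# Toy illustration (hypothetical word lists) of why dictionary-based financial
# sentiment is easy to spin: a paraphrase that avoids the listed negative
# words flips the score even though the meaning is unchanged.
NEGATIVE = {"loss", "decline", "litigation", "impairment"}
POSITIVE = {"growth", "profit", "improvement", "gain"}

def dictionary_sentiment(text: str) -> int:
    tokens = text.lower().replace(".", "").split()
    return sum(t in POSITIVE for t in tokens) - sum(t in NEGATIVE for t in tokens)

original = "The company reported a loss and expects further decline."
rewritten = "The company reported results below zero and expects further softening."

print(dictionary_sentiment(original))   # -2: flagged as negative
print(dictionary_sentiment(rewritten))  #  0: the negative meaning is now invisible
```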

    A Review on Identification of Contextual Similar Sentences

    Get PDF
    The task of identifying contextually similar sentences plays a crucial role in various natural language processing applications such as information retrieval, paraphrase detection, and question answering systems. This paper presents a comprehensive review of the methodologies, techniques, and advancements in the identification of contextually similar sentences. Beginning with an overview of the importance and challenges associated with this task, the paper delves into the various approaches employed, including traditional similarity metrics, deep learning architectures, and transformer-based models. Furthermore, the review explores the different datasets and evaluation metrics used to assess the performance of these methods. Additionally, the paper discusses recent trends, emerging research directions, and potential applications in the field. By synthesizing the existing literature, this review aims to provide researchers and practitioners with insights into state-of-the-art techniques and future avenues for advancing the identification of contextually similar sentences.
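    In practice, the transformer-based approaches this review covers typically reduce to comparing sentence embeddings by cosine similarity. A minimal sketch, assuming the sentence-transformers library and one common off-the-shelf model (both illustrative choices, not prescribed by the review):

```python
# Embed sentences and compare them by cosine similarity; the paraphrase pair
# should score far higher than the unrelated pair.
from sentence_transformers import SentenceTransformer, util

model = SentenceTransformer("all-MiniLM-L6-v2")

sentences = [
    "The central bank raised interest rates to curb inflation.",
    "Rates were hiked by the central bank to fight rising prices.",
    "The museum opened a new exhibition on modern art.",
]
embeddings = model.encode(sentences, convert_to_tensor=True)
scores = util.cos_sim(embeddings, embeddings)

print(float(scores[0][1]))  # high: contextually similar (paraphrase)
print(float(scores[0][2]))  # low: unrelated sentence
```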

    Disentangled Contrastive Learning for Learning Robust Textual Representations

    Full text link
    Although the self-supervised pre-training of transformer models has revolutionized natural language processing (NLP) applications and achieved state-of-the-art results on various benchmarks, this process is still vulnerable to small and imperceptible perturbations of legitimate inputs. Intuitively, representations should remain close in the feature space under subtle input perturbations, while varying widely across inputs with different meanings. This motivates us to investigate the learning of robust textual representations in a contrastive manner. However, it is non-trivial to obtain opposing semantic instances for textual samples. In this study, we propose a disentangled contrastive learning method that separately optimizes the uniformity and alignment of representations without negative sampling. Specifically, we introduce the concept of momentum representation consistency to align features and leverage power normalization to enforce uniformity. Our experimental results on NLP benchmarks demonstrate that our approach obtains better results than the baselines, as well as promising improvements on invariance tests and under adversarial attacks. The code is available at https://github.com/zjunlp/DCL. Comment: Work in progress
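    The alignment and uniformity objectives mentioned here are commonly formalized as in Wang and Isola (2020); the sketch below shows those two losses under that assumption. DCL's momentum representation consistency and power normalization are not reproduced here.

```python
# Sketch of the alignment and uniformity objectives (Wang & Isola, 2020);
# this is background for the abstract's terminology, not the DCL method itself.
import torch
import torch.nn.functional as F

def alignment_loss(x: torch.Tensor, y: torch.Tensor, alpha: float = 2) -> torch.Tensor:
    """x, y: L2-normalized embeddings of two views of the same inputs."""
    return (x - y).norm(dim=1).pow(alpha).mean()

def uniformity_loss(x: torch.Tensor, t: float = 2) -> torch.Tensor:
    """Encourages embeddings to spread uniformly over the unit hypersphere."""
    return torch.pdist(x, p=2).pow(2).mul(-t).exp().mean().log()

# Random embeddings standing in for two augmented views of a batch.
x = F.normalize(torch.randn(128, 64), dim=1)
y = F.normalize(x + 0.05 * torch.randn(128, 64), dim=1)
loss = alignment_loss(x, y) + uniformity_loss(x)
```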

    Effects of Data Duplication in Pretraining

    Get PDF
    ํ•™์œ„๋…ผ๋ฌธ(์„์‚ฌ) -- ์„œ์šธ๋Œ€ํ•™๊ต๋Œ€ํ•™์› : ๋ฐ์ดํ„ฐ์‚ฌ์ด์–ธ์Šค๋Œ€ํ•™์› ๋ฐ์ดํ„ฐ์‚ฌ์ด์–ธ์Šคํ•™๊ณผ, 2023. 2. ์ด์žฌ์ง„.This paper studies the effect of deduplication in training data on language models, such as BERT (the encoder-based model) and GPT-2 (the decoder-based model). Previous studies focus on memorizing duplicates in the training dataset whereas we perform several experiments with data deduplication. The pretraining data is first clustered by MinhashLSH, a stochastic method for finding near-duplicate documents in large corpus data, and then deduplicated by Jaccard similarity with various threshold values. Then, the models are finetuned with different downstream tasks. The experimental result indicates that GPT-2 works better with the deduplication, whereas BERT works differently depending on the tasks. It is due to the difference in self-supervised learning methods between BERT and GPT-2. The duplicated data may work on BERT as data augmentation through random masking in its data preprocessing stage. Data duplication may introduce biases and lead to overfitting, but the effect depends on the amount of duplicated data. To improve performance, data deduplication with proper granularity is essential in language model training.์ด ์—ฐ๊ตฌ๋Š” BERT(์ธ์ฝ”๋” ๊ธฐ๋ฐ˜ ๋ชจ๋ธ) ๋ฐ GPT-2(๋””์ฝ”๋” ๊ธฐ๋ฐ˜ ๋ชจ๋ธ)์™€ ๊ฐ™์€ ์–ธ์–ด ๋ชจ๋ธ์— ๋Œ€ํ•œ ํ›ˆ๋ จ ๋ฐ์ดํ„ฐ์˜ ์ค‘๋ณต ์ œ๊ฑฐ ํšจ๊ณผ๋ฅผ ์ œ์‹œํ•˜๋Š” ๋ฐ ๋ชฉ์ ์ด ์žˆ๋‹ค. ๊ธฐ์กด ์—ฐ๊ตฌ์—์„œ๋Š” ์ƒ์„ฑ ๋ชจ๋ธ์— ํ•œํ•˜์—ฌ ์ค‘๋ณต ์ œ๊ฑฐ์˜ ์ด์ ์„ ๋ฐํ˜”์œผ๋ฉฐ, ๋ชจ๋ธ์ด ์•”๊ธฐ๋œ ํ…์ŠคํŠธ๋ฅผ ๋œ ์ƒ์„ฑํ•˜๊ณ  ๋ชจ๋ธ์˜ ํ›ˆ๋ จ ๋‹จ๊ณ„๊ฐ€ ๋” ์ ๊ฒŒ ํ•„์š”ํ•˜๋‹ค๋Š” ๊ฒƒ์„ ๋ฐœ๊ฒฌํ•˜์˜€๋‹ค. ์ด์— ๋ง๋ถ™์—ฌ ํ˜„ ์—ฐ๊ตฌ์—์„œ๋Š” ๋ฐ์ดํ„ฐ ์ค‘๋ณต ์ œ๊ฑฐ์— ๋Œ€ํ•ด ๋ช‡ ๊ฐ€์ง€ ์ถ”๊ฐ€์ ์ธ ์‹คํ—˜์„ ์ˆ˜ํ–‰ํ•œ๋‹ค. ์‚ฌ์ „ ํ•™์Šต ๋ฐ์ดํ„ฐ๋Š” ์šฐ์„  MinhashLSH(๋Œ€๊ทœ๋ชจ ๋ง๋ญ‰์น˜ ๋ฐ์ดํ„ฐ์—์„œ ์œ ์‚ฌํ•œ ๋ฌธ์„œ๋ฅผ ์ฐพ๊ธฐ ์œ„ํ•œ ํ™•๋ฅ ๋ก ์  ๋ฐฉ๋ฒ•)๋กœ ํด๋Ÿฌ์Šคํ„ฐ๋ง ํ•œ ๋‹ค์Œ, ๋‹ค์–‘ํ•œ ์ž„๊ณ„๊ฐ’์˜ Jaccard ์œ ์‚ฌ์„ฑ์œผ๋กœ ์ค‘๋ณต document๋ฅผ ์ œ๊ฑฐํ•˜๋Š” ์ „์ฒ˜๋ฆฌ ๊ณผ์ •์„ ๊ฑฐ์นœ๋‹ค. ๊ตฌ์„ฑ๋œ ๋ฐ์ดํ„ฐ์…‹์„ ๊ธฐ๋ฐ˜์œผ๋กœ ์‚ฌ์ „ ํ•™์Šต์„ ์ง„ํ–‰ํ•˜๊ณ , ์ดํ›„ ๋‹ค์–‘ํ•œ downstream ์ž‘์—…์— finetuningํ•œ๋‹ค. GPT-2๋Š” ์ค‘๋ณต ์ œ๊ฑฐ๋œ ๋ชจ๋ธ์—์„œ ๋” ๋†’์€ ์„ฑ๋Šฅ์„ ๋‚ด๋Š” ๋ฐ˜๋ฉด, BERT๋Š” downstream ์ž‘์—…์— ๋”ฐ๋ผ ๋‹ค๋ฅธ ์„ฑ๋Šฅ์„ ๋ณด์ธ๋‹ค. ์ด๋Š” BERT์™€ GPT-2์˜ self-supervised learning ๋ฐฉ์‹์˜ ์ฐจ์ด ๋•Œ๋ฌธ์ด๋‹ค. BERT์—์„œ๋Š” ๋ฐ์ดํ„ฐ ์ „์ฒ˜๋ฆฌ ๋‹จ๊ณ„์—์„œ ๋žœ๋ค ๋งˆ์Šคํ‚น ๋ฐฉ์‹์„ ํ†ตํ•ด ์ค‘๋ณต๋œ ๋ฐ์ดํ„ฐ๊ฐ€ ์˜คํžˆ๋ ค ๋ฐ์ดํ„ฐ augmentation์œผ๋กœ ์ž‘์šฉํ•  ์ˆ˜ ์žˆ๋‹ค. ๊ทธ๋ ‡์ง€๋งŒ ๊ฒฐ๊ณผ์ ์œผ๋กœ ๋ฐ์ดํ„ฐ ์ค‘๋ณต์€ ํŽธํ–ฅ์„ ๋„์ž…ํ•˜๊ณ  ๊ณผ์ ํ•ฉ์œผ๋กœ ์ด์–ด์งˆ ์ˆ˜ ์žˆ์œผ๋ฉฐ, ๊ทธ ํšจ๊ณผ๋Š” ์ค‘๋ณต ๋ฐ์ดํ„ฐ์˜ ์–‘์— ๋”ฐ๋ผ ๋‹ค๋ฅผ ์ˆ˜ ์žˆ๋‹ค. ๋”ฐ๋ผ์„œ ์„ฑ๋Šฅ์„ ํ–ฅ์ƒ์‹œํ‚ค๊ธฐ ์œ„ํ•ด์„  ์–ธ์–ด ๋ชจ๋ธ ํ›ˆ๋ จ์—์„œ ์ ์ ˆํ•œ ์ž„๊ณ„๊ฐ’์˜ ๋ฐ์ดํ„ฐ ์ค‘๋ณต ์ œ๊ฑฐ๊ฐ€ ํ•„์ˆ˜์ ์ด๋‹ค.Chapter 1. Introduction ๏ผ‘ 1.1. Study Background ๏ผ‘ 1.2. Purpose of Research ๏ผ“ 1.3. Related Work ๏ผ” Chapter 2. Approach ๏ผ– 2.1. Pretraining Models ๏ผ– 2.2. Pretraining Dataset ๏ผ— 2.3. Near Deduplication ๏ผ— 2.4. Injection of Exact Document Duplication ๏ผ‘๏ผ Chapter 3. Experiments ๏ผ‘๏ผ’ 3.1. Near Deduplication Results ๏ผ‘๏ผ’ 3.2. Duplication Injection Results ๏ผ‘๏ผ” Chapter 4. Conclusion ๏ผ‘๏ผ– 4.1. Discussion and Future work ๏ผ‘๏ผ–์„

    Token-Modification Adversarial Attacks for Natural Language Processing: A Survey

    Full text link
    There are now many adversarial attacks for natural language processing systems. Of these, a vast majority achieve success by modifying individual document tokens, which we call here a "token-modification" attack. Each token-modification attack is defined by a specific combination of fundamental "components", such as a constraint on the adversary or a particular search algorithm. Motivated by this observation, we survey existing token-modification attacks and extract the components of each. We use an attack-independent framework to structure our survey, which results in an effective categorisation of the field and an easy comparison of components. We hope this survey will guide new researchers to this field and spark further research into the individual attack components. Comment: 8 pages, 1 figure
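    The component view the survey describes can be made concrete with a small sketch: an attack assembled from a transformation, constraints on the adversary, a goal function, and a search method. All names below are illustrative, not the survey's own framework code.

```python
# A token-modification attack decomposed into its components: transformation,
# constraints, goal function, and search method (here, a simple greedy search).
from typing import Callable, Iterable, List, Optional

def greedy_search(tokens: List[str],
                  transform: Callable[[str], Iterable[str]],
                  constraints: List[Callable[[List[str]], bool]],
                  goal: Callable[[List[str]], bool]) -> Optional[List[str]]:
    """Try positions left to right; return the first perturbation that satisfies
    every constraint and reaches the goal (e.g. flips the victim model's label)."""
    for i, tok in enumerate(tokens):
        for cand in transform(tok):
            perturbed = tokens[:i] + [cand] + tokens[i + 1:]
            if all(c(perturbed) for c in constraints) and goal(perturbed):
                return perturbed
    return None

original = "company profit rises again".split()
transform = lambda tok: [tok[1:], tok[:-1]] if len(tok) > 3 else []      # character drops
constraints = [lambda p: sum(a != b for a, b in zip(p, original)) <= 1]  # edit budget
goal = lambda p: "rofit" in p   # toy stand-in for "the victim model is now wrong"

print(greedy_search(original, transform, constraints, goal))
# ['company', 'rofit', 'rises', 'again']
```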