WordChange: Adversarial Examples Generation Approach for Chinese Text Classification

As an important carrier for disseminating information in the Internet Age, the text contains a large amount of information. In recent years, adversarial example attacks against text discrete domains have been received widespread attention. Deep neural network (DNN) produces opposite predictions by adding small perturbations to the text data. In this paper, we present “WordChange”: an adversarial examples generation approach for Chinese text classification based on multiple modification strategies, and we evaluate the effectiveness of the method in sentiment analysis dataset and spam dataset. This method effectively locates important word positions by designing a keyword contribution algorithm. We first propose a “word-split” strategy to substitute keywords thatare designed by the structure and semantic property of Chinese texts. We also first apply “swap” and “insert” strategies on Chinese texts to generate adversarial examples. We further discuss the influence of multiple Chinese Word Segmentation tools and different text lengths on the proposed method, as well as the diversification of Chinese text modification strategies. Finally, the adversarial texts based on the long short-term memory network (LSTM) can be successfully transferred to other text classifiers and real-world applications.

[1]  Yang Zhang,et al.  Effect of Adversarial Examples on the Robustness of CAPTCHA , 2018, 2018 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC).

[2]  Tong Zhang,et al.  Deep Pyramid Convolutional Neural Networks for Text Categorization , 2017, ACL.

[3]  Pasquale Minervini,et al.  Adversarially Regularising Neural NLI Models to Integrate Logical Background Knowledge , 2018, CoNLL.

[4]  Percy Liang,et al.  Adversarial Examples for Evaluating Reading Comprehension Systems , 2017, EMNLP.

[5]  Seyed-Mohsen Moosavi-Dezfooli,et al.  DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks , 2015, 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[6]  Ge Yu,et al.  Multimodal learning for topic sentiment analysis in microblogging , 2017, Neurocomputing.

[7]  Dejing Dou,et al.  HotFlip: White-Box Adversarial Examples for Text Classification , 2017, ACL.

[8]  Ting Wang,et al.  TextBugger: Generating Adversarial Text Against Real-world Applications , 2018, NDSS.

[9]  Yanfeng Hu,et al.  Word-character attention model for Chinese text classification , 2019, Int. J. Mach. Learn. Cybern..

[10]  Ananthram Swami,et al.  Practical Black-Box Attacks against Machine Learning , 2016, AsiaCCS.

[11]  Luke S. Zettlemoyer,et al.  Adversarial Example Generation with Syntactically Controlled Paraphrase Networks , 2018, NAACL.

[12]  Yoon Kim,et al.  Convolutional Neural Networks for Sentence Classification , 2014, EMNLP.

[13]  Clement T. Yu,et al.  On the construction of effective vocabularies for information retrieval , 1974, SIGPLAN '73.

[14]  Rada Mihalcea,et al.  Sentiment Analysis , 2014, Encyclopedia of Social Network Analysis and Mining.

[15]  Jürgen Schmidhuber,et al.  Long Short-Term Memory , 1997, Neural Computation.

[16]  G. Chang,et al.  A METHOD OF FINE-GRAINED SHORT TEXT SENTIMENT ANALYSIS BASED ON MACHINE LEARNING , 2018 .

[17]  Weiming Zhang,et al.  Protecting Privacy in Shared Photos via Adversarial Examples Based Stealth , 2017, Secur. Commun. Networks.

[18]  Jonathon Shlens,et al.  Explaining and Harnessing Adversarial Examples , 2014, ICLR.

[19]  Peng Liu,et al.  Parallel naive Bayes algorithm for large-scale Chinese text classification based on spark , 2019, Journal of Central South University.

[20]  Sameep Mehta,et al.  Generating Adversarial Text Samples , 2018, ECIR.

[21]  Matt J. Kusner,et al.  From Word Embeddings To Document Distances , 2015, ICML.

[22]  Jinfeng Yi,et al.  Attacking Visual Language Grounding with Adversarial Examples: A Case Study on Neural Image Captioning , 2017, ACL.

[23]  Mingyue Zhang,et al.  Chinese Text Classification System on Regulatory Information Based on SVM , 2019 .

[24]  Xudong Yang,et al.  Chinese Texts Classification System , 2019, 2019 IEEE 2nd International Conference on Information and Computer Technologies (ICICT).

[25]  Yanjun Qi,et al.  Black-Box Generation of Adversarial Text Sequences to Evade Deep Learning Classifiers , 2018, 2018 IEEE Security and Privacy Workshops (SPW).

[26]  Joan Bruna,et al.  Intriguing properties of neural networks , 2013, ICLR.

[27]  Xirong Li,et al.  Deep Text Classification Can be Fooled , 2017, IJCAI.

[28]  Mohit Bansal,et al.  Adversarial Over-Sensitivity and Over-Stability Strategies for Dialogue Models , 2018, CoNLL.

[29]  David Bamman,et al.  Adversarial Training for Relation Extraction , 2017, EMNLP.

[30]  Ananthram Swami,et al.  The Limitations of Deep Learning in Adversarial Settings , 2015, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[31]  Wanxiang Che,et al.  Generating Natural Language Adversarial Examples through Probability Weighted Word Saliency , 2019, ACL.

[32]  Samy Bengio,et al.  Adversarial examples in the physical world , 2016, ICLR.

[33]  Qi Liu,et al.  A Radical-Aware Attention-Based Model for Chinese Text Classification , 2019, AAAI.

[34]  David A. Wagner,et al.  Towards Evaluating the Robustness of Neural Networks , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[35]  Bo Li,et al.  Adversarial Texts with Gradient Methods , 2018, ArXiv.

[36]  Zhu Hong,et al.  An Efficient Character-Level and Word-Level Feature Fusion Method for Chinese Text Classification , 2019 .