一种随机束搜索文本攻击黑盒算法  

A Black Box Algorithm of Random Beam Search Text Attack

在线阅读下载全文

作  者:王小萌 张华[1] 丁金扣[1] 王稼慧 WANG Xiaomeng;ZHANG Hua;DING Jinkou;WANG Jiahui(State Key Laboratory of Networking and Switching Technology,Beijing University of Posts and Telecommunications,Beijing 100876,China)

机构地区:[1]北京邮电大学网络与交换技术国家重点实验室,北京100876

出  处:《北京邮电大学学报》2024年第2期24-29,共6页Journal of Beijing University of Posts and Telecommunications

基  金:国家自然科学基金项目(62072051)。

摘  要:针对现有对抗样本生成算法容易陷入局部最优解的问题,提出了一种名为R-attack的算法,通过束搜索和随机元来提高攻击成功率。利用束搜索在同义词空间中寻找最优解,增加对抗样本的多样性,进而提高攻击的效率,同时,在迭代搜索过程中引入随机元素,避免过早陷入局部最优解,从而有效提高攻击成功率。在3个数据集上对2个模型进行了对抗攻击实验,实验结果表明,使用R-attack算法能够有效提高对抗样本的攻击成功率。以在Yahoo!Answers数据集上训练的双向长短期记忆网络模型为例,用R-attack算法攻击模型的攻击成功率比基线算法高了2.4%。To solve the problem that existing adversarial text generation algorithms are prone to fall into local optimal solution,an algorithm R-attack is proposed that uses beam search and random elements to improve the attack success rate.The R-attack algorithm first utilizes beam search to thoroughly explore the synonym space,thereby increasing the diversity of adversarial samples and enhancing the efficiency of the attack.Meanwhile,during the iterative search process,random elements are introduced to avoid premature convergence to local optima,effectively improving the success rate of the attack.Adversarial attack experiments were conducted on two models across three datasets,and the results demonstrate that the R-attack algorithm significantly improves the success rate of adversarial samples.Taking the example of attacking an LSTM model trained on“Yahoo!Answers,”the R-attack algorithm achieves a 2.4%increase in attack success rate compared to the baseline.

关 键 词:对抗攻击算法 自然语言处理 黑盒攻击 

分 类 号:TP301.6[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象