Bibliographic Details
Main Authors: Chattopadhyay, Nandish, Goswami, Atreya, Chattopadhyay, Anupam
Format: Preprint
Published: 2024
Subjects: Machine Learning
Online Access: https://arxiv.org/abs/2404.02660
author Chattopadhyay, Nandish
Goswami, Atreya
Chattopadhyay, Anupam
contents Adversarial attacks on machine learning algorithms have been a key deterrent to the adoption of AI in many real-world use cases. They significantly undermine the ability of high-performance neural networks by forcing misclassifications. These attacks introduce minute and structured perturbations or alterations in the test samples that are generally imperceptible to human annotators, but trained neural networks and other models are sensitive to them. Historically, adversarial attacks were first identified and studied in the domain of image processing. In this paper, we study adversarial examples in the field of natural language processing, specifically text classification tasks. We investigate the reasons for adversarial vulnerability, particularly in relation to the inherent dimensionality of the model. Our key finding is that there is a very strong correlation between the embedding dimensionality of the adversarial samples and their effectiveness on models tuned with input samples of the same embedding dimension. We utilize this sensitivity to design an adversarial defense mechanism: we use ensemble models of varying inherent dimensionality to thwart the attacks. This is tested on multiple datasets for its efficacy in providing robustness. We also study the problem of measuring adversarial perturbation using different distance metrics. For all of the aforementioned studies, we have run tests on multiple models with varying dimensionality and used a word-vector level adversarial attack to substantiate the findings.
format Preprint
id arxiv_https___arxiv_org_abs_2404_02660
institution arXiv
publishDate 2024
record_format arxiv
title Adversarial Attacks and Dimensionality in Text Classifiers
topic Machine Learning
url https://arxiv.org/abs/2404.02660