[MASK] insertion for anti-adversarial attacks

Xinrong Hu; Ce Xu; Junlong Ma; Zijian Huang; Jie Yang; Yi Guo; Johan Barthelemy

doi:10.18653/v1/2023.findings-eacl.78

[MASK] insertion for anti-adversarial attacks

Xinrong Hu
, Ce Xu
, Junlong Ma
, Zijian Huang
, Jie Yang
, Yi Guo
, Johan Barthelemy

School of Computer, Data & Mathematical Sciences

Wuhan Textile University
University of Wollongong
NVIDIA

Research output: Chapter in Book / Conference Paper › Conference Paper › peer-review

1 Citation (Scopus)

Abstract

Adversarial attack aims to perturb input sequences and mislead a trained model for false predictions. To enhance the model robustness, defensing methods are accordingly employed by either data augmentation (involving adversarial samples) or model enhancement (modifying the training loss and/or model architecture). In contrast to previous work, this paper revisits the masked language modeling (MLM) and presents a simple yet efficient algorithm against adversarial attacks, termed [MASK] insertion for defensing (MI4D). Specifically, MI4D simply inserts [MASK] tokens to input sequences during training and inference, maximizing the intersection of the new convex hull (MI4D creates) with the original one (the clean input forms). As neither additional adversarial samples nor the model modification is required, MI4D is as computationally efficient as traditional fine-tuning. Comprehensive experiments have been conducted using three benchmark datasets and four attacking methods. MI4D yields a significant improvement (on average) of the accuracy between 3.2 and 11.1 absolute points when compared with six state-of-the-art defensing baselines.

Original language	English
Title of host publication	Proceedings of the 17th Conference of the European Chapter of the Association for Computational Linguistics: Findings of EACL 2023, Dubrovnik, Croatia, May 2-6, 2023
Publisher	Association for Computational Linguistics
Pages	1028-1040
Number of pages	13
ISBN (Print)	9781959429470
DOIs	https://doi.org/10.18653/v1/2023.findings-eacl.78
Publication status	Published - 2023
Event	European Chapter of the Association for Computational Linguistics. Conference - Duration: 2 May 2023 → …

Conference

Conference	European Chapter of the Association for Computational Linguistics. Conference
Period	2/05/23 → …

Bibliographical note

Publisher Copyright:
© 2023 Association for Computational Linguistics.

Access to Document

10.18653/v1/2023.findings-eacl.78

Cite this

Hu, X., Xu, C., Ma, J., Huang, Z., Yang, J., Guo, Y., & Barthelemy, J. (2023). [MASK] insertion for anti-adversarial attacks. In Proceedings of the 17th Conference of the European Chapter of the Association for Computational Linguistics: Findings of EACL 2023, Dubrovnik, Croatia, May 2-6, 2023 (pp. 1028-1040). Association for Computational Linguistics. https://doi.org/10.18653/v1/2023.findings-eacl.78

@inproceedings{6a9b51da6c9b4c1db37bca2a5b68955a,

title = "[MASK] insertion for anti-adversarial attacks",

abstract = "Adversarial attack aims to perturb input sequences and mislead a trained model for false predictions. To enhance the model robustness, defensing methods are accordingly employed by either data augmentation (involving adversarial samples) or model enhancement (modifying the training loss and/or model architecture). In contrast to previous work, this paper revisits the masked language modeling (MLM) and presents a simple yet efficient algorithm against adversarial attacks, termed [MASK] insertion for defensing (MI4D). Specifically, MI4D simply inserts [MASK] tokens to input sequences during training and inference, maximizing the intersection of the new convex hull (MI4D creates) with the original one (the clean input forms). As neither additional adversarial samples nor the model modification is required, MI4D is as computationally efficient as traditional fine-tuning. Comprehensive experiments have been conducted using three benchmark datasets and four attacking methods. MI4D yields a significant improvement (on average) of the accuracy between 3.2 and 11.1 absolute points when compared with six state-of-the-art defensing baselines.",

author = "Xinrong Hu and Ce Xu and Junlong Ma and Zijian Huang and Jie Yang and Yi Guo and Johan Barthelemy",

note = "Publisher Copyright: {\textcopyright} 2023 Association for Computational Linguistics.; European Chapter of the Association for Computational Linguistics. Conference ; Conference date: 02-05-2023",

year = "2023",

doi = "10.18653/v1/2023.findings-eacl.78",

language = "English",

isbn = "9781959429470",

pages = "1028--1040",

booktitle = "Proceedings of the 17th Conference of the European Chapter of the Association for Computational Linguistics: Findings of EACL 2023, Dubrovnik, Croatia, May 2-6, 2023",

publisher = "Association for Computational Linguistics",

}

Hu, X, Xu, C, Ma, J, Huang, Z, Yang, J, Guo, Y & Barthelemy, J 2023, [MASK] insertion for anti-adversarial attacks. in Proceedings of the 17th Conference of the European Chapter of the Association for Computational Linguistics: Findings of EACL 2023, Dubrovnik, Croatia, May 2-6, 2023. Association for Computational Linguistics, pp. 1028-1040, European Chapter of the Association for Computational Linguistics. Conference, 2/05/23. https://doi.org/10.18653/v1/2023.findings-eacl.78

[MASK] insertion for anti-adversarial attacks. / Hu, Xinrong; Xu, Ce; Ma, Junlong et al.
Proceedings of the 17th Conference of the European Chapter of the Association for Computational Linguistics: Findings of EACL 2023, Dubrovnik, Croatia, May 2-6, 2023. Association for Computational Linguistics, 2023. p. 1028-1040.

Research output: Chapter in Book / Conference Paper › Conference Paper › peer-review

TY - GEN

T1 - [MASK] insertion for anti-adversarial attacks

AU - Hu, Xinrong

AU - Xu, Ce

AU - Ma, Junlong

AU - Huang, Zijian

AU - Yang, Jie

AU - Guo, Yi

AU - Barthelemy, Johan

PY - 2023

Y1 - 2023

N2 - Adversarial attack aims to perturb input sequences and mislead a trained model for false predictions. To enhance the model robustness, defensing methods are accordingly employed by either data augmentation (involving adversarial samples) or model enhancement (modifying the training loss and/or model architecture). In contrast to previous work, this paper revisits the masked language modeling (MLM) and presents a simple yet efficient algorithm against adversarial attacks, termed [MASK] insertion for defensing (MI4D). Specifically, MI4D simply inserts [MASK] tokens to input sequences during training and inference, maximizing the intersection of the new convex hull (MI4D creates) with the original one (the clean input forms). As neither additional adversarial samples nor the model modification is required, MI4D is as computationally efficient as traditional fine-tuning. Comprehensive experiments have been conducted using three benchmark datasets and four attacking methods. MI4D yields a significant improvement (on average) of the accuracy between 3.2 and 11.1 absolute points when compared with six state-of-the-art defensing baselines.

AB - Adversarial attack aims to perturb input sequences and mislead a trained model for false predictions. To enhance the model robustness, defensing methods are accordingly employed by either data augmentation (involving adversarial samples) or model enhancement (modifying the training loss and/or model architecture). In contrast to previous work, this paper revisits the masked language modeling (MLM) and presents a simple yet efficient algorithm against adversarial attacks, termed [MASK] insertion for defensing (MI4D). Specifically, MI4D simply inserts [MASK] tokens to input sequences during training and inference, maximizing the intersection of the new convex hull (MI4D creates) with the original one (the clean input forms). As neither additional adversarial samples nor the model modification is required, MI4D is as computationally efficient as traditional fine-tuning. Comprehensive experiments have been conducted using three benchmark datasets and four attacking methods. MI4D yields a significant improvement (on average) of the accuracy between 3.2 and 11.1 absolute points when compared with six state-of-the-art defensing baselines.

UR - https://hdl.handle.net/1959.7/uws:71074

UR - https://aclanthology.org/2023.findings-eacl.78/

U2 - 10.18653/v1/2023.findings-eacl.78

DO - 10.18653/v1/2023.findings-eacl.78

M3 - Conference Paper

SN - 9781959429470

SP - 1028

EP - 1040

BT - Proceedings of the 17th Conference of the European Chapter of the Association for Computational Linguistics: Findings of EACL 2023, Dubrovnik, Croatia, May 2-6, 2023

PB - Association for Computational Linguistics

T2 - European Chapter of the Association for Computational Linguistics. Conference

Y2 - 2 May 2023

ER -

[MASK] insertion for anti-adversarial attacks

Abstract

Conference

Bibliographical note

Access to Document

Other files and links

Fingerprint

Cite this