Abstract
Adversarial examples pose significant challenges for Natural Language Processing (NLP) model robustness, often causing notable performance degradation. While various detection methods have been proposed with the aim of differentiating clean and adversarial inputs, they often require fine-Tuning with ample data, which is problematic for low-resource scenarios. To alleviate this issue, a Subspace Clustering based Adversarial Detector (termed SCAD) is proposed in this paper, leveraging a union of subspaces to model the clean data distribution. Specifically, SCAD estimates feature distribution across semantic subspaces, assigning unseen examples to the nearest one for effective discrimination. The construction of semantic subspaces does not require many observations and hence ideal for the low-resource setting. The proposed algorithm achieves detection results better than or competitive with previous state-of-The-Arts on a combination of three well-known text classification benchmarks and four attacking methods. Further empirical analysis suggests that SCAD effectively mitigates the low-resource setting where clean training data is limit.
| Original language | English |
|---|---|
| Title of host publication | WSDM ’24: Proceedings of the 17th ACM International Conference on Web Search and Data Mining |
| Place of Publication | U.S. |
| Publisher | Association for Computing Machinery |
| Pages | 286-294 |
| Number of pages | 9 |
| ISBN (Electronic) | 9798400703713 |
| DOIs | |
| Publication status | Published - Mar 2024 |
| Event | International Conference on Web Search & Data Mining - Merida, Mexico Duration: 4 Mar 2024 → 8 Mar 2024 Conference number: 17th |
Conference
| Conference | International Conference on Web Search & Data Mining |
|---|---|
| Country/Territory | Mexico |
| City | Merida |
| Period | 4/03/24 → 8/03/24 |
Keywords
- adversarial example detection
- low-resource training
- model robustness
- sparse subspace clustering