Towards Crafting Text Adversarial Samples

TL;DR

This paper introduces a novel method for creating adversarial text samples by modifying original texts through deletion, replacement, or addition of words, aiming to fool classifiers while maintaining sentence coherence.

Contribution

It presents a new approach for crafting adversarial text samples that preserves linguistic validity, unlike prior image-focused methods, and demonstrates effectiveness on sentiment and gender detection datasets.

Findings

Effective adversarial text samples generated that fool classifiers

Method maintains sentence meaningfulness and grammaticality

Successful application on IMDB and Twitter datasets

Abstract

Adversarial samples are strategically modified samples, which are crafted with the purpose of fooling a classifier at hand. An attacker introduces specially crafted adversarial samples to a deployed classifier, which are being mis-classified by the classifier. However, the samples are perceived to be drawn from entirely different classes and thus it becomes hard to detect the adversarial samples. Most of the prior works have been focused on synthesizing adversarial samples in the image domain. In this paper, we propose a new method of crafting adversarial text samples by modification of the original samples. Modifications of the original text samples are done by deleting or replacing the important or salient words in the text or by introducing new words in the text sample. Our algorithm works best for the datasets which have sub-categories within each of the classes of examples. While crafting adversarial samples, one of the key constraint is to generate meaningful sentences which can at pass off as legitimate from language (English) viewpoint. Experimental results on IMDB movie review dataset for sentiment analysis and Twitter dataset for gender detection show the efficiency of our proposed method.