Towards a Robust Deep Neural Network in Texts: A Survey

TL;DR

This survey reviews adversarial attack and defense techniques for deep neural networks in text processing, highlighting challenges and future directions to improve robustness against adversarial examples in NLP tasks.

Contribution

It provides a comprehensive taxonomy and analysis of adversarial techniques and defenses in text domain, covering English and Chinese characters, and discusses future research directions.

Findings

Classified adversarial techniques based on perturbation units

Analyzed effectiveness of defense methods in NLP tasks

Identified key challenges and future research directions

Abstract

Deep neural networks (DNNs) have achieved remarkable success in various tasks (e.g., image classification, speech recognition, and natural language processing (NLP)). However, researchers have demonstrated that DNN-based models are vulnerable to adversarial examples, which cause erroneous predictions by adding imperceptible perturbations into legitimate inputs. Recently, studies have revealed adversarial examples in the text domain, which could effectively evade various DNN-based text analyzers and further bring the threats of the proliferation of disinformation. In this paper, we give a comprehensive survey on the existing studies of adversarial techniques for generating adversarial texts written by both English and Chinese characters and the corresponding defense methods. More importantly, we hope that our work could inspire future studies to develop more robust DNN-based text analyzers against known and unknown adversarial techniques. We classify the existing adversarial techniques for crafting adversarial texts based on the perturbation units, helping to better understand the generation of adversarial texts and build robust models for defense. In presenting the taxonomy of adversarial attacks and defenses in the text domain, we introduce the adversarial techniques from the perspective of different NLP tasks. Finally, we discuss the existing challenges of adversarial attacks and defenses in texts and present the future research directions in this emerging and challenging field.