A Geometry-Inspired Attack for Generating Natural Language Adversarial Examples
Zhao Meng, Roger Wattenhofer

TL;DR
This paper introduces a geometry-inspired method for generating natural language adversarial examples that fool models while replacing only a few words and remain hard for humans to recognize. It also shows that adversarial training improves model robustness against the attack.
Contribution
The paper presents a novel geometry-inspired attack technique that approximates decision boundaries to generate effective natural language adversarial examples.
Findings
High success rate in fooling models with few word replacements
Adversarial examples are hard for humans to recognize
Adversarial training improves model robustness
Abstract
Generating adversarial examples for natural language is hard, as natural language consists of discrete symbols, and examples are often of variable lengths. In this paper, we propose a geometry-inspired attack for generating natural language adversarial examples. Our attack generates adversarial examples by iteratively approximating the decision boundary of Deep Neural Networks (DNNs). Experiments on two datasets with two different models show that our attack fools natural language models with high success rates, while only replacing a few words. Human evaluation shows that adversarial examples generated by our attack are hard for humans to recognize. Further experiments show that adversarial training can improve model robustness against our attack.
