Token-Modification Adversarial Attacks for Natural Language Processing: A Survey

TL;DR

This survey comprehensively reviews token-modification adversarial attacks in NLP, categorizing their components to aid understanding and guide future research in attack refinement.

Contribution

It introduces an attack-independent framework to systematically categorize and compare different components of token-modification adversarial attacks in NLP.

Findings

Systematic categorization of attack components

Framework enables easy comparison of attack methods

Guides future research in attack component refinement

Abstract

Many adversarial attacks target natural language processing systems, most of which succeed through modifying the individual tokens of a document. Despite the apparent uniqueness of each of these attacks, fundamentally they are simply a distinct configuration of four components: a goal function, allowable transformations, a search method, and constraints. In this survey, we systematically present the different components used throughout the literature, using an attack-independent framework which allows for easy comparison and categorisation of components. Our work aims to serve as a comprehensive guide for newcomers to the field and to spark targeted research into refining the individual attack components.