ReinforceBug: A Framework to Generate Adversarial Textual Examples

TL;DR

ReinforceBug is a reinforcement learning framework that generates effective, semantically similar adversarial texts to improve model robustness, outperforming existing methods in success rate and transferability.

Contribution

It introduces a novel RL-based approach for generating utility-preserving adversarial texts that are transferable across models, addressing limitations of prior methods.

Findings

ReinforceBug achieves 10% higher success rate than TextFooler.

Generated adversarial examples have 83.38% semantic similarity to originals.

Adversarial examples transfer to other models with 46% success rate.

Abstract

Adversarial Examples (AEs) generated by perturbing original training examples are useful in improving the robustness of Deep Learning (DL) based models. Most prior works, generate AEs that are either unconscionable due to lexical errors or semantically or functionally deviant from original examples. In this paper, we present ReinforceBug, a reinforcement learning framework, that learns a policy that is transferable on unseen datasets and generates utility-preserving and transferable (on other models) AEs. Our results show that our method is on average 10% more successful as compared to the state-of-the-art attack TextFooler. Moreover, the target models have on average 73.64% confidence in the wrong prediction, the generated AEs preserve the functional equivalence and semantic similarity (83.38% ) to their original counterparts, and are transferable on other models with an average success rate of 46%.