Gradient-based Adversarial Attacks against Text Transformers
Chuan Guo, Alexandre Sablayrolles, Hervé Jégou, Douwe Kiela

TL;DR
This paper introduces a novel gradient-based adversarial attack method for text transformers that optimizes a distribution of adversarial examples, achieving state-of-the-art results in white-box and black-box settings.
Contribution
It presents the first general-purpose gradient-based attack for transformer models, utilizing a continuous distribution of adversarial examples for improved attack performance.
Findings
Achieves state-of-the-art attack success rates on various NLP tasks.
Black-box transfer attacks outperform existing methods with only hard-label access.
Demonstrates the effectiveness of adversarial distributions in attacking transformer models.
Abstract
We propose the first general-purpose gradient-based attack against transformer models. Instead of searching for a single adversarial example, we search for a distribution of adversarial examples parameterized by a continuous-valued matrix, hence enabling gradient-based optimization. We empirically demonstrate that our white-box attack attains state-of-the-art attack performance on a variety of natural language tasks. Furthermore, we show that a powerful black-box transfer attack, enabled by sampling from the adversarial distribution, matches or exceeds existing methods, while only requiring hard-label outputs.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Topic Modeling · Domain Adaptation and Few-Shot Learning
