BERT-Defense: A Probabilistic Model Based on BERT to Combat Cognitively Inspired Orthographic Adversarial Attacks

TL;DR

This paper introduces BERT-Defense, a probabilistic model that effectively defends against complex orthographic adversarial attacks in NLP by combining BERT's contextual understanding with character-level information, outperforming standard spellcheckers.

Contribution

The paper proposes a novel BERT-based probabilistic defense model that handles challenging character-level adversarial attacks better than existing spellcheckers and defenses.

Findings

BERT-Defense performs on par with human crowd-workers in defending against adversarial attacks.

Standard spellcheckers and prior defenses perform poorly on complex orthographic perturbations.

The iterative BERT-based approach effectively combines context-independent and context-dependent information.

Abstract

Adversarial attacks expose important blind spots of deep learning systems. While word- and sentence-level attack scenarios mostly deal with finding semantic paraphrases of the input that fool NLP models, character-level attacks typically insert typos into the input stream. It is commonly thought that these are easier to defend via spelling correction modules. In this work, we show that both a standard spellchecker and the approach of Pruthi et al. (2019), which trains to defend against insertions, deletions and swaps, perform poorly on the character-level benchmark recently proposed in Eger and Benz (2020) which includes more challenging attacks such as visual and phonetic perturbations and missing word segmentations. In contrast, we show that an untrained iterative approach which combines context-independent character-level information with context-dependent information from BERT's masked language modeling can perform on par with human crowd-workers from Amazon Mechanical Turk (AMT) supervised via 3-shot learning.