PromptAttack: Probing Dialogue State Trackers with Adversarial Prompts

TL;DR

This paper introduces a prompt-based adversarial attack method to evaluate and improve dialogue state trackers, demonstrating significant accuracy reduction and potential for enhancing robustness through adversarial training.

Contribution

It presents a novel prompt-based approach for generating natural adversarial examples targeting DSTs without needing model parameters.

Findings

Achieves high attack success rate on state-of-the-art DSTs

Maintains fluency and low perturbation in adversarial examples

Adversarial training improves DST robustness

Abstract

A key component of modern conversational systems is the Dialogue State Tracker (or DST), which models a user's goals and needs. Toward building more robust and reliable DSTs, we introduce a prompt-based learning approach to automatically generate effective adversarial examples to probe DST models. Two key characteristics of this approach are: (i) it only needs the output of the DST with no need for model parameters, and (ii) it can learn to generate natural language utterances that can target any DST. Through experiments over state-of-the-art DSTs, the proposed framework leads to the greatest reduction in accuracy and the best attack success rate while maintaining good fluency and a low perturbation ratio. We also show how much the generated adversarial examples can bolster a DST through adversarial training. These results indicate the strength of prompt-based attacks on DSTs and leave open avenues for continued refinement.