Defense of Adversarial Ranking Attack in Text Retrieval: Benchmark and Baseline via Detection

TL;DR

This paper introduces a benchmark and baseline detection methods for defending neural ranking models against adversarial document attacks in text retrieval, highlighting the effectiveness and limitations of supervised classifiers.

Contribution

It establishes a benchmark dataset for adversarial ranking defense and evaluates detection methods, revealing the strengths and weaknesses of supervised classifiers against known and unseen attacks.

Findings

Supervised classifiers effectively detect known adversarial attacks.

Detection performance drops significantly on unseen attacks.

Avoiding query text in classifiers prevents relevance bias.

Abstract

Neural ranking models (NRMs) have undergone significant development and have become integral components of information retrieval (IR) systems. Unfortunately, recent research has unveiled the vulnerability of NRMs to adversarial document manipulations, potentially exploited by malicious search engine optimization practitioners. While progress in adversarial attack strategies aids in identifying the potential weaknesses of NRMs before their deployment, the defensive measures against such attacks, like the detection of adversarial documents, remain inadequately explored. To mitigate this gap, this paper establishes a benchmark dataset to facilitate the investigation of adversarial ranking defense and introduces two types of detection tasks for adversarial documents. A comprehensive investigation of the performance of several detection baselines is conducted, which involve examining the spamicity, perplexity, and linguistic acceptability, and utilizing supervised classifiers. Experimental results demonstrate that a supervised classifier can effectively mitigate known attacks, but it performs poorly against unseen attacks. Furthermore, such classifier should avoid using query text to prevent learning the classification on relevance, as it might lead to the inadvertent discarding of relevant documents.