Adaptive Attack Detection in Text Classification: Leveraging Space Exploration Features for Text Sentiment Classification

TL;DR

This paper introduces a novel adversarial attack detection method for text classification that leverages BERT-derived space exploration features to enhance density estimation and improve robustness against adversarial inputs.

Contribution

The paper proposes a new approach using BERT and space exploration features to improve adversarial example detection in text sentiment classification.

Findings

Enhanced detection accuracy with BERT-based features

Improved density estimation for adversarial detection

Effective in identifying crafted adversarial examples

Abstract

Adversarial example detection plays a vital role in adaptive cyber defense, especially in the face of rapidly evolving attacks. In adaptive cyber defense, the nature and characteristics of attacks continuously change, making it crucial to have robust mechanisms in place to detect and counter these threats effectively. By incorporating adversarial example detection techniques, adaptive cyber defense systems can enhance their ability to identify and mitigate attacks that attempt to exploit vulnerabilities in machine learning models or other systems. Adversarial examples are inputs that are crafted by applying intentional perturbations to natural inputs that result in incorrect classification. In this paper, we propose a novel approach that leverages the power of BERT (Bidirectional Encoder Representations from Transformers) and introduces the concept of Space Exploration Features. We utilize the feature vectors obtained from the BERT model's output to capture a new representation of feature space to improve the density estimation method.