Adversarial Attacks on Tables with Entity Swap
Aneta Koleva, Martin Ringsquandl, Volker Tresp

TL;DR
This paper introduces the first black-box adversarial attack on tabular language models, specifically targeting the column type annotation task, revealing significant vulnerabilities with up to 70% performance drop.
Contribution
It proposes an entity-swap attack method for tables, highlighting a novel security concern for tabular language models and exposing dataset leakage issues.
Findings
Attack causes up to 70% performance degradation
First black-box attack on tabular language models
Reveals dataset leakage in evaluation datasets
Abstract
The capabilities of large language models (LLMs) have been successfully applied in the context of table representation learning. The recently proposed tabular language models have reported state-of-the-art results across various tasks for table interpretation. However, a closer look into the datasets commonly used for evaluation reveals an entity leakage from the train set into the test set. Motivated by this observation, we explore adversarial attacks that represent a more realistic inference setup. Adversarial attacks on text have been shown to greatly affect the performance of LLMs, but currently, there are no attacks targeting tabular language models. In this paper, we propose an evasive entity-swap attack for the column type annotation (CTA) task. Our CTA attack is the first black-box attack on tables, where we employ a similarity-based sampling strategy to generate adversarial…
Taxonomy
Topics: Topic Modeling · Adversarial Robustness in Machine Learning · Natural Language Processing Techniques
