Exploring Adversarial Robustness in Classification tasks using DNA Language Models

TL;DR

This paper investigates the vulnerability of DNA language models to adversarial attacks at multiple levels, revealing significant susceptibility and demonstrating that adversarial training can improve their robustness and accuracy.

Contribution

It provides a comprehensive analysis of adversarial robustness in DNA language models and introduces adversarial training as an effective defense mechanism.

Findings

DNA models are highly susceptible to adversarial attacks

Adversarial training improves model robustness and accuracy

Model performance degrades significantly under attack

Abstract

DNA Language Models, such as GROVER, DNABERT2 and the Nucleotide Transformer, operate on DNA sequences that inherently contain sequencing errors, mutations, and laboratory-induced noise, which may significantly impact model performance. Despite the importance of this issue, the robustness of DNA language models remains largely underexplored. In this paper, we comprehensivly investigate their robustness in DNA classification by applying various adversarial attack strategies: the character (nucleotide substitutions), word (codon modifications), and sentence levels (back-translation-based transformations) to systematically analyze model vulnerabilities. Our results demonstrate that DNA language models are highly susceptible to adversarial attacks, leading to significant performance degradation. Furthermore, we explore adversarial training method as a defense mechanism, which enhances both robustness and classification accuracy. This study highlights the limitations of DNA language models and underscores the necessity of robustness in bioinformatics.