NMT-Obfuscator Attack: Ignore a sentence in translation with only one word

TL;DR

This paper introduces a novel adversarial attack on neural machine translation systems that causes the model to ignore a sentence by inserting a natural-sounding word, highlighting vulnerabilities in translation robustness.

Contribution

The paper presents a new attack method that tricks NMT models into ignoring parts of input without detection, revealing a significant security vulnerability.

Findings

Over 50% success rate in causing models to ignore sentences

Attack maintains low perplexity and naturalness in input

Vulnerable across multiple NMT models and tasks

Abstract

Neural Machine Translation systems are used in diverse applications due to their impressive performance. However, recent studies have shown that these systems are vulnerable to carefully crafted small perturbations to their inputs, known as adversarial attacks. In this paper, we propose a new type of adversarial attack against NMT models. In this attack, we find a word to be added between two sentences such that the second sentence is ignored and not translated by the NMT model. The word added between the two sentences is such that the whole adversarial text is natural in the source language. This type of attack can be harmful in practical scenarios since the attacker can hide malicious information in the automatic translation made by the target NMT model. Our experiments show that different NMT models and translation tasks are vulnerable to this type of attack. Our attack can successfully force the NMT models to ignore the second part of the input in the translation for more than 50% of all cases while being able to maintain low perplexity for the whole input.