BinarySelect to Improve Accessibility of Black-Box Attack Research
Shatarupa Ghosh, Jonathan Rusert
TL;DR
This paper introduces BinarySelect, a method that significantly reduces the number of queries needed for black-box adversarial text attacks, making such research more accessible and resource-efficient.
Contribution
BinarySelect combines binary search with attack selection to efficiently identify tokens for adversarial attacks, reducing query complexity from linear to logarithmic scale.
Findings
BinarySelect reduces query count by approximately 32% on Yelp dataset.
The attack effectiveness drops only marginally (around 5 points) despite fewer queries.
BinarySelect enables resource-efficient adversarial attack research on NLP models.
Abstract
Adversarial text attack research is useful for testing the robustness of NLP models, however, the rise of transformers has greatly increased the time required to test attacks. Especially when researchers do not have access to adequate resources (e.g. GPUs). This can hinder attack research, as modifying one example for an attack can require hundreds of queries to a model, especially for black-box attacks. Often these attacks remove one token at a time to find the ideal one to change, requiring queries (the length of the text) right away. We propose a more efficient selection method called BinarySelect which combines binary search and attack selection methods to greatly reduce the number of queries needed to find a token. We find that BinarySelect only needs queries to find the first token compared to queries. We also test BinarySelect in an attack setting…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAnomaly Detection Techniques and Applications