TL;DR
This paper introduces a simple add-on method that improves language model robustness against adversarial attacks by removing principal components at the instance level, avoiding costly adversarial training.
Contribution
The proposed method enhances PLM robustness through principal component removal without relying on adversarial data or complex training procedures.
Findings
Improves robustness on eight benchmark datasets.
Maintains comparable accuracy before attacks.
Achieves a good balance between robustness and generalization.
Abstract
Pre-trained language models (PLMs) have driven substantial progress in natural language processing but remain vulnerable to adversarial attacks, raising concerns about their robustness in real-world applications. Previous studies have sought to mitigate the impact of adversarial attacks by introducing adversarial perturbations into the training process, either implicitly or explicitly. While both strategies enhance robustness, they often incur high computational costs. In this work, we propose a simple yet effective add-on module that enhances the adversarial robustness of PLMs by removing instance-level principal components, without relying on conventional adversarial defences or perturbing the original training data. Our approach transforms the embedding space to approximate Gaussian properties, thereby reducing its susceptibility to adversarial perturbations while preserving semantic…
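A sketch of the instance-level principal component removal the abstract describes, added here as an illustration and not the paper's own code. Centering over tokens, the choice of k=1, the helper names and the constructed sample embeddings are all assumptions, since the page does not give those details.

```python
import numpy as np

def remove_instance_pcs(token_embs, k=1):
    """Project the top-k principal directions of ONE instance out of its tokens.

    token_embs: (n_tokens, dim) array for a single input. Centering over tokens
    and the value of k are assumptions of this sketch, not taken from the paper.
    Returns the transformed embeddings and the removed directions.
    """
    x = np.asarray(token_embs, dtype=float)
    centered = x - x.mean(axis=0, keepdims=True)
    # Rows of vt are the principal directions, ordered by singular value.
    _, _, vt = np.linalg.svd(centered, full_matrices=False)
    top = vt[:k]                                  # shape (k, dim), orthonormal rows
    cleaned = centered - centered @ top.T @ top   # subtract the projection
    return cleaned, top

def top_variance_share(token_embs):
    """Fraction of total variance carried by the single strongest direction."""
    x = np.asarray(token_embs, dtype=float)
    s = np.linalg.svd(x - x.mean(axis=0), compute_uv=False)
    return float(s[0] ** 2 / np.sum(s ** 2))

def make_instance(n_tokens=12, dim=8, seed=0):
    """Constructed sample: isotropic noise plus one dominant shared direction."""
    rng = np.random.default_rng(seed)
    dominant = np.zeros(dim)
    dominant[0] = 1.0
    noise = rng.normal(size=(n_tokens, dim))
    return noise + 6.0 * rng.normal(size=(n_tokens, 1)) * dominant

if __name__ == "__main__":
    inst = make_instance()
    cleaned, removed = remove_instance_pcs(inst, k=1)
    # A lower share after removal means variance is spread more evenly
    # across directions, i.e. the instance is less anisotropic.
    print("top-direction variance share before:", round(top_variance_share(inst), 3))
    print("top-direction variance share after: ", round(top_variance_share(cleaned), 3))
```

The module runs per input at inference or fine-tuning time, so the directions are recomputed for every instance rather than estimated once over a corpus.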
