Adversarially Robust Detection of Harmful Online Content: A Computational Design Science Approach

TL;DR

This paper introduces a novel framework and detector for identifying harmful online content that is robust against adversarial attacks, combining innovative training strategies and ensemble methods to enhance generalizability and accuracy.

Contribution

It proposes the LLM-SGA framework and ARHOCD detector, integrating novel ensemble, weighting, and adversarial training techniques for improved robustness against adversarial content detection.

Findings

ARHOCD outperforms existing methods in robustness and accuracy

Demonstrates effectiveness across hate speech, rumor, and extremist datasets

Achieves strong generalizability against diverse adversarial attacks

Abstract

Social media platforms are plagued by harmful content such as hate speech, misinformation, and extremist rhetoric. Machine learning (ML) models are widely adopted to detect such content; however, they remain highly vulnerable to adversarial attacks, wherein malicious users subtly modify text to evade detection. Enhancing adversarial robustness is therefore essential, requiring detectors that can defend against diverse attacks (generalizability) while maintaining high overall accuracy. However, simultaneously achieving both optimal generalizability and accuracy is challenging. Following the computational design science paradigm, this study takes a sequential approach that first proposes a novel framework (Large Language Model-based Sample Generation and Aggregation, LLM-SGA) by identifying the key invariances of textual adversarial attacks and leveraging them to ensure that a detector instantiated within the framework has strong generalizability. Second, we instantiate our detector (Adversarially Robust Harmful Online Content Detector, ARHOCD) with three novel design components to improve detection accuracy: (1) an ensemble of multiple base detectors that exploits their complementary strengths; (2) a novel weight assignment method that dynamically adjusts weights based on each sample's predictability and each base detector's capability, with weights initialized using domain knowledge and updated via Bayesian inference; and (3) a novel adversarial training strategy that iteratively optimizes both the base detectors and the weight assignor. We addressed several limitations of existing adversarial robustness enhancement research and empirically evaluated ARHOCD across three datasets spanning hate speech, rumor, and extremist content. Results show that ARHOCD offers strong generalizability and improves detection accuracy under adversarial conditions.