Certified Robustness to Text Adversarial Attacks by Randomized [MASK]

Add code
May 08, 2021
Jiehang Zeng, Xiaoqing Zheng, Jianhan Xu, Linyang Li, Liping Yuan, Xuanjing Huang
Figure 1 for Certified Robustness to Text Adversarial Attacks by Randomized [MASK]
Figure 2 for Certified Robustness to Text Adversarial Attacks by Randomized [MASK]
Figure 3 for Certified Robustness to Text Adversarial Attacks by Randomized [MASK]
Figure 4 for Certified Robustness to Text Adversarial Attacks by Randomized [MASK]

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

Recently, few certified defense methods have been developed to provably guarantee the robustness of a text classifier to adversarial synonym substitutions. However, all existing certified defense methods assume that the defenders are informed of how the adversaries generate synonyms, which is not a realistic scenario. In this paper, we propose a certifiably robust defense method by randomly masking a certain proportion of the words in an input text, in which the above unrealistic assumption is no longer necessary. The proposed method can defend against not only word substitution-based attacks, but also character-level perturbations. We can certify the classifications of over 50% texts to be robust to any perturbation of 5 words on AGNEWS, and 2 words on SST2 dataset. The experimental results show that our randomized smoothing method significantly outperforms recently proposed defense methods across multiple datasets.

* Accepted by Findings of ACL 2021, Long Paper  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon