Must-read Papers on Textual Adversarial Attack and Defense (TAAD)

必读的文本对抗性攻击与防御论文（TAAD）系列之2.2 Word-level Attack

2.2 Word-level Attack

0.前言

2024.3.3— 正在编辑

1-10

1.Bridge the Gap Between CV and NLP! A Gradient-based Textual Adversarial Attack Framework

a. 背景

b. 方法

c. 结果

d. 论文及代码

Bridge the Gap Between CV and NLP! A Gradient-based Textual Adversarial Attack Framework. Lifan Yuan, Yichi Zhang, Yangyi Chen, Wei Wei. Findings of ACL 2023. decision[pdf]

论文：[2110.15317] Bridge the Gap Between CV and NLP! A Gradient-based Textual Adversarial Attack Framework (arxiv.org)

代码：https://github.com/Phantivia/T-PGD.

2.TextHacker: Learning based Hybrid Local Search Algorithm for Text Hard-label Adversarial Attack

a. 背景

b. 方法

c. 结果

d. 论文及代码

TextHacker: Learning based Hybrid Local Search Algorithm for Text Hard-label Adversarial Attack. Zhen Yu, Xiaosen Wang, Wanxiang Che, Kun He. Findings of EMNLP 2022. decision[pdf][code]

论文：[2201.08193] TextHacker: Learning based Hybrid Local Search Algorithm for Text Hard-label Adversarial Attack (arxiv.org)

代码：GitHub - JHL-HUST/TextHacker: TextHacker: Learning based Hybrid Local Search Algorithm for Hard-label Text Adversarial Attack

3.TextHoaxer: Budgeted Hard-Label Adversarial Attacks on Text

a. 背景

b. 方法

c. 结果

d. 论文及代码

TextHoaxer: Budgeted Hard-Label Adversarial Attacks on Text. Muchao Ye, Chenglin Miao, Ting Wang, Fenglong Ma. AAAI 2022. decision [pdf] [code]

论文：TextHoaxer: Budgeted Hard-Label Adversarial Attacks on Text | Proceedings of the AAAI Conference on Artificial Intelligence

代码：GitHub - machinelearning4health/TextHoaxer: Implementation Code of TextHoaxer

4.Query-Efficient and Scalable Black-Box Adversarial Attacks on Discrete Sequential Data via Bayesian Optimization

a. 背景

b. 方法

c. 结果

d. 论文及代码

Query-Efficient and Scalable Black-Box Adversarial Attacks on Discrete Sequential Data via Bayesian Optimization. Deokjae Lee, Seungyong Moon, Junhyeok Lee, Hyun Oh Song. ICML 2022. score [pdf][code]

论文：[2206.08575] Query-Efficient and Scalable Black-Box Adversarial Attacks on Discrete Sequential Data via Bayesian Optimization (arxiv.org)

代码：GitHub - snu-mllab/DiscreteBlockBayesAttack: Official PyTorch implementation of “Query-Efficient and Scalable Black-Box Adversarial Attacks on Discrete Sequential Data via Bayesian Optimization” (ICML’22)

5.SemAttack: Natural Textual Attacks on Different Semantic Spaces

a. 背景

b. 方法

c. 结果

d. 论文及代码

SemAttack: Natural Textual Attacks on Different Semantic Spaces. Boxin Wang, Chejian Xu, Xiangyu Liu, Yu Cheng, Bo Li. Findings of NAACL 2022. gradient [pdf] [code]

论文：[2205.01287] SemAttack: Natural Textual Attacks via Different Semantic Spaces (arxiv.org)

代码：github.com

6.Gradient-based Adversarial Attacks against Text Transformers

a. 背景

b. 方法

c. 结果

d. 论文及代码

Gradient-based Adversarial Attacks against Text Transformers. Chuan Guo, Alexandre Sablayrolles, Hervé Jégou, Douwe Kiela. EMNLP 2021. gradient [pdf] [code]

论文：2021.emnlp-main.464.pdf (aclanthology.org)

代码：https://github.com/facebookresearch/text-adversarial-attack

7.A Strong Baseline for Query Efficient Attacks in a Black Box Setting

a. 背景

b. 方法

c. 结果

d. 论文及代码

A Strong Baseline for Query Efficient Attacks in a Black Box Setting. Rishabh Maheswary, Saket Maheshwary, Vikram Pudi. EMNLP 2021. score [pdf] [code]

论文：[2109.04775] A Strong Baseline for Query Efficient Attacks in a Black Box Setting (arxiv.org)

代码：GitHub - RishabhMaheshwary/query-attack: A Query Efficient Natural Language Attack in a Black Box Setting

8.On the Transferability of Adversarial Attacks against Neural Text Classifier

a. 背景

b. 方法

c. 结果

d. 论文及代码

On the Transferability of Adversarial Attacks against Neural Text Classifier. Liping Yuan, Xiaoqing Zheng, Yi Zhou, Cho-Jui Hsieh, Kai-Wei Chang. EMNLP 2021. [pdf]

论文：2011.08558.pdf (arxiv.org)

代码：

9.Crafting Adversarial Examples for Neural Machine Translation

a. 背景

b. 方法

c. 结果

d. 论文及代码

Crafting Adversarial Examples for Neural Machine Translation. Xinze Zhang, Junzhe Zhang, Zhenhua Chen, Kun He. ACL-IJCNLP 2021. score [pdf] [code]

论文：2021.acl-long.153.pdf (aclanthology.org)

代码：GitHub - JHL-HUST/AdvNMT-WSLS: Crafting Adversarial Examples for Neural Machine Translation

10.An Empirical Study on Adversarial Attack on NMT: Languages and Positions Matter

a. 背景

b. 方法

c. 结果

d. 论文及代码

An Empirical Study on Adversarial Attack on NMT: Languages and Positions Matter. Zhiyuan Zeng, Deyi Xiong. ACL-IJCNLP 2021. score [pdf]

论文：2021.acl-short.58.pdf (aclanthology.org)

代码：

11-20

11.A Closer Look into the Robustness of Neural Dependency Parsers Using Better Adversarial Examples

a. 背景

b. 方法

c. 结果

d. 论文及代码

A Closer Look into the Robustness of Neural Dependency Parsers Using Better Adversarial Examples. Yuxuan Wang, Wanxiang Che, Ivan Titov, Shay B. Cohen, Zhilin Lei, Ting Liu. Findings of ACL: ACL-IJCNLP 2021. score [pdf] [code]

论文：2021.findings-acl.207.pdf (aclanthology.org)

代码：github.com

12.Contextualized Perturbation for Textual Adversarial Attack

a. 背景

b. 方法

c. 结果

d. 论文及代码

Contextualized Perturbation for Textual Adversarial Attack. Dianqi Li, Yizhe Zhang, Hao Peng, Liqun Chen, Chris Brockett, Ming-Ting Sun, Bill Dolan. NAACL-HLT 2021. score [pdf] [code]

论文：2021.naacl-main.400.pdf (aclanthology.org)

代码：github.com

13.Adv-OLM: Generating Textual Adversaries via OLM

a. 背景

b. 方法

c. 结果

d. 论文及代码

Adv-OLM: Generating Textual Adversaries via OLM. Vijit Malik, Ashwani Bhat, Ashutosh Modi. EACL 2021. score [pdf] [code]

论文：2021.eacl-main.71.pdf (aclanthology.org)

代码：github.com

14.Adversarial Stylometry in the Wild: Transferable Lexical Substitution Attacks on Author Profiling

a. 背景

b. 方法

c. 结果

d. 论文及代码

Adversarial Stylometry in the Wild: Transferable Lexical Substitution Attacks on Author Profiling. Chris Emmery, Ákos Kádár, Grzegorz Chrupała. EACL 2021. blind [pdf] [code]

论文：2021.eacl-main.203.pdf (aclanthology.org)

代码：github.com

15.Generating Natural Language Attacks in a Hard Label Black Box Setting

a. 背景

b. 方法

c. 结果

d. 论文及代码

Generating Natural Language Attacks in a Hard Label Black Box Setting. Rishabh Maheshwary, Saket Maheshwary, Vikram Pudi. AAAI 2021. decision [pdf] [code]

论文：2012.14956.pdf (arxiv.org)

代码：https://github.com/RishabhMaheshwary/hard-label-attack

16.A Geometry-Inspired Attack for Generating Natural Language Adversarial Examples

a. 背景

b. 方法

c. 结果

d. 论文及代码

A Geometry-Inspired Attack for Generating Natural Language Adversarial Examples. Zhao Meng, Roger Wattenhofer. COLING 2020. gradient [pdf] [code]

论文：2020.coling-main.585.pdf (aclanthology.org)

代码：https://github.com/zhaopku/nlp_geometry_attack

17.BERT-ATTACK: Adversarial Attack Against BERT Using BERT

a. 背景

b. 方法

c. 结果

d. 论文及代码

BERT-ATTACK: Adversarial Attack Against BERT Using BERT. Linyang Li, Ruotian Ma, Qipeng Guo, Xiangyang Xue, Xipeng Qiu. EMNLP 2020. score [pdf] [code]

论文：aclanthology.org/2020.emnlp-main.500.pdf

代码：GitHub - LinyangLee/BERT-Attack: Code for EMNLP2020 long paper: BERT-Attack: Adversarial Attack Against BERT Using BERT

18.BAE: BERT-based Adversarial Examples for Text Classification

a. 背景

b. 方法

c. 结果

d. 论文及代码

BAE: BERT-based Adversarial Examples for Text Classification. Siddhant Garg, Goutham Ramakrishnan. EMNLP 2020. score [pdf] [code]

论文：2020.emnlp-main.498.pdf (aclanthology.org)

代码：TextAttack/textattack/attack_recipes/bae_garg_2019.py at master · QData/TextAttack · GitHub

19.Detecting Word Sense Disambiguation Biases in Machine Translation for Model-Agnostic Adversarial Attacks

a. 背景

b. 方法

c. 结果

d. 论文及代码

Detecting Word Sense Disambiguation Biases in Machine Translation for Model-Agnostic Adversarial Attacks. Denis Emelin, Ivan Titov, Rico Sennrich. EMNLP 2020. blind [pdf] [code]

论文：2020.emnlp-main.616.pdf (aclanthology.org)

代码：GitHub - demelin/detecting_wsd_biases_for_nmt: Repository containing the experimental code for the publication ‘Detecting Word Sense Disambiguation Biases in Machine Translation for Model-Agnostic Adversarial Attacks’ (Emelin, Denis, Ivan Titov, and Rico Sennrich, EMNLP 2020).

20.Imitation Attacks and Defenses for Black-box Machine Translation Systems

a. 背景

b. 方法

c. 结果

d. 论文及代码

Imitation Attacks and Defenses for Black-box Machine Translation Systems. Eric Wallace, Mitchell Stern, Dawn Song. EMNLP 2020. decision [pdf] [code]

论文：aclanthology.org/2020.emnlp-main.446.pdf

代码：GitHub - Eric-Wallace/adversarial-mt: Code for “Imitation Attacks and Defenses for Black-box Machine Translations Systems”

21-30

21.Robustness to Modification with Shared Words in Paraphrase Identification

a. 背景

b. 方法

c. 结果

d. 论文及代码

Robustness to Modification with Shared Words in Paraphrase Identification. Zhouxing Shi, Minlie Huang. Findings of ACL: EMNLP 2020. score [pdf]

论文：aclanthology.org/2020.findings-emnlp.16.pdf

代码：

22.Word-level Textual Adversarial Attacking as Combinatorial Optimization

a. 背景

b. 方法

c. 结果

d. 论文及代码

Word-level Textual Adversarial Attacking as Combinatorial Optimization. Yuan Zang, Fanchao Qi, Chenghao Yang, Zhiyuan Liu, Meng Zhang, Qun Liu, Maosong Sun. ACL 2020. score [pdf] [code]

论文：2020.acl-main.540.pdf (aclanthology.org)

代码：GitHub - thunlp/SememePSO-Attack: Code and data of the ACL 2020 paper “Word-level Textual Adversarial Attacking as Combinatorial Optimization”

23.It’s Morphin’ Time! Combating Linguistic Discrimination with Inflectional Perturbations

a. 背景

b. 方法

c. 结果

d. 论文及代码

It’s Morphin’ Time! Combating Linguistic Discrimination with Inflectional Perturbations. Samson Tan, Shafiq Joty, Min-Yen Kan, Richard Socher. ACL 2020. score [pdf] [code]

论文：2020.acl-main.263.pdf (aclanthology.org)

代码：GitHub - salesforce/morpheus: Code for ACL’20 paper “It’s Morphin’ Time! Combating Linguistic Discrimination with Inflectional Perturbations”

24.On the Robustness of Language Encoders against Grammatical Errors

a. 背景

b. 方法

c. 结果

d. 论文及代码

On the Robustness of Language Encoders against Grammatical Errors. Fan Yin, Quanyu Long, Tao Meng, Kai-Wei Chang. ACL 2020. score [pdf] [code]

论文：2020.acl-main.310.pdf (aclanthology.org)

代码：GitHub - uclanlp/ProbeGrammarRobustness: Source code for ACL2020: On the Robustness of Language Encoders against Grammatical Errors

25.Evaluating and Enhancing the Robustness of Neural Network-based Dependency Parsing Models with Adversarial Examples

a. 背景

b. 方法

c. 结果

d. 论文及代码

Evaluating and Enhancing the Robustness of Neural Network-based Dependency Parsing Models with Adversarial Examples. Xiaoqing Zheng, Jiehang Zeng, Yi Zhou, Cho-Jui Hsieh, Minhao Cheng, Xuanjing Huang. ACL 2020. gradient score [pdf] [code]

论文：2020.acl-main.590.pdf (aclanthology.org)

代码：GitHub - zjiehang/DPAttack: Pytorch implementation for ACL 2020 Paper: “Evaluating and Enhancing the Robustness of Neural Network-based Dependency Parsing Models with Adversarial Examples”

26.A Reinforced Generation of Adversarial Examples for Neural Machine Translation

a. 背景

b. 方法

c. 结果

d. 论文及代码

A Reinforced Generation of Adversarial Examples for Neural Machine Translation. Wei Zou, Shujian Huang, Jun Xie, Xinyu Dai, Jiajun Chen. ACL 2020. decision [pdf]

论文：aclanthology.org/2020.acl-main.319.pdf

代码：

27.Is BERT Really Robust? A Strong Baseline for Natural Language Attack on Text Classification and Entailment

a. 背景

b. 方法

c. 结果

d. 论文及代码

Is BERT Really Robust? A Strong Baseline for Natural Language Attack on Text Classification and Entailment. Di Jin, Zhijing Jin, Joey Tianyi Zhou, Peter Szolovits. AAAI 2020. score [pdf] [code]

论文：1907.11932v4.pdf (arxiv.org)

代码：GitHub - jind11/TextFooler: A Model for Natural Language Attack on Text Classification and Inference

28.Seq2Sick: Evaluating the Robustness of Sequence-to-Sequence Models with Adversarial Examples

a. 背景

b. 方法

c. 结果

d. 论文及代码

Seq2Sick: Evaluating the Robustness of Sequence-to-Sequence Models with Adversarial Examples. Minhao Cheng, Jinfeng Yi, Pin-Yu Chen, Huan Zhang, Cho-Jui Hsieh. AAAI 2020. score [pdf] [code]

论文：1803.01128.pdf (arxiv.org)

代码：GitHub - cmhcbb/Seq2Sick: Adversarial examples for Seq2Seq model in NLP

29.Greedy Attack and Gumbel Attack: Generating Adversarial Examples for Discrete Data

a. 背景

b. 方法

c. 结果

d. 论文及代码

Greedy Attack and Gumbel Attack: Generating Adversarial Examples for Discrete Data. Puyudi Yang, Jianbo Chen, Cho-Jui Hsieh, Jane-LingWang, Michael I. Jordan. JMLR 2020. score [pdf] [code]

论文：19-569.pdf (jmlr.org)

代码：GitHub - Puyudi/Greedy-Attack-and-Gumbel-Attack （Under Construction.）

30.On the Robustness of Self-Attentive Models

a. 背景

b. 方法

c. 结果

d. 论文及代码

On the Robustness of Self-Attentive Models. Yu-Lun Hsieh, Minhao Cheng, Da-Cheng Juan, Wei Wei, Wen-Lian Hsu, Cho-Jui Hsieh. ACL 2019. score [pdf]

论文：P19-1147.pdf (aclanthology.org)

代码：

31-40

31.Generating Natural Language Adversarial Examples through Probability Weighted Word Saliency

a. 背景

b. 方法

c. 结果

d. 论文及代码

Generating Natural Language Adversarial Examples through Probability Weighted Word Saliency. Shuhuai Ren, Yihe Deng, Kun He, Wanxiang Che. ACL 2019. score [pdf] [code]

论文：P19-1103.pdf (aclanthology.org)

代码：[GitHub - JHL-HUST/PWWS: Generating Natural Language Adversarial Examples through Probability Weighted Word Saliency](https://github.com/JHL-HUST/PWWS/)

32.Generating Fluent Adversarial Examples for Natural Languages

a. 背景

b. 方法

c. 结果

d. 论文及代码

Generating Fluent Adversarial Examples for Natural Languages. Huangzhao Zhang, Hao Zhou, Ning Miao, Lei Li. ACL 2019. gradient score [pdf] [code]

论文：Generating Fluent Adversarial Examples for Natural Languages - ACL Anthology

代码：GitHub - LC-John/Metropolis-Hastings-Attacker: “Generating Fluent Adversarial Examples for Natural Languages”

33.Robust Neural Machine Translation with Doubly Adversarial Inputs

a. 背景

b. 方法

c. 结果

d. 论文及代码

Robust Neural Machine Translation with Doubly Adversarial Inputs. Yong Cheng, Lu Jiang, Wolfgang Macherey. ACL 2019. gradient [pdf]

论文：https://aclanthology.org/P19-1425/

代码：

34.Universal Adversarial Attacks on Text Classifiers

a. 背景

b. 方法

c. 结果

d. 论文及代码

Universal Adversarial Attacks on Text Classifiers. Melika Behjati, Seyed-Mohsen Moosavi-Dezfooli, Mahdieh Soleymani Baghshah, Pascal Frossard. ICASSP 2019. gradient [pdf]

论文：Universal Adversarial Attacks on Text Classifiers | IEEE Conference Publication | IEEE Xplore

代码：

35.Generating Natural Language Adversarial Examples

a. 背景

b. 方法

c. 结果

d. 论文及代码

Generating Natural Language Adversarial Examples. Moustafa Alzantot, Yash Sharma, Ahmed Elgohary, Bo-Jhang Ho, Mani Srivastava, Kai-Wei Chang. EMNLP 2018. score [pdf] [code]

论文：Generating Natural Language Adversarial Examples - ACL Anthology

代码：GitHub - nesl/nlp_adversarial_examples: Implementation code for the paper “Generating Natural Language Adversarial Examples”

36.Breaking NLI Systems with Sentences that Require Simple Lexical Inferences

a. 背景

b. 方法

c. 结果

d. 论文及代码

Breaking NLI Systems with Sentences that Require Simple Lexical Inferences. Max Glockner, Vered Shwartz, Yoav Goldberg. ACL 2018. blind [pdf] [dataset]

论文：Breaking NLI Systems with Sentences that Require Simple Lexical Inferences - ACL Anthology

代码：GitHub - BIU-NLP/Breaking_NLI: NLI test set with lexical inferences

37.Deep Text Classification Can be Fooled

a. 背景

b. 方法

c. 结果

d. 论文及代码

Deep Text Classification Can be Fooled. Bin Liang, Hongcheng Li, Miaoqiang Su, Pan Bian, Xirong Li, Wenchang Shi. IJCAI 2018. gradient score [pdf]

论文：1704.08006.pdf (arxiv.org)

代码：

38.Interpretable Adversarial Perturbation in Input Embedding Space for Text

a. 背景

b. 方法

c. 结果

d. 论文及代码

Interpretable Adversarial Perturbation in Input Embedding Space for Text. Sato, Motoki, Jun Suzuki, Hiroyuki Shindo, Yuji Matsumoto. IJCAI 2018. gradient [pdf] [code]

论文：1805.02917.pdf (arxiv.org)

代码：GitHub - aonotas/interpretable-adv: Code for Interpretable Adversarial Perturbation in Input Embedding Space for Text, IJCAI 2018.

39.Towards Crafting Text Adversarial Samples

a. 背景

b. 方法

c. 结果

d. 论文及代码

Towards Crafting Text Adversarial Samples. Suranjana Samanta, Sameep Mehta. ECIR 2018. gradient [pdf]

论文：1707.02812.pdf (arxiv.org)

代码：

40.Crafting Adversarial Input Sequences For Recurrent Neural Networks

a. 背景

b. 方法

c. 结果

d. 论文及代码

Crafting Adversarial Input Sequences For Recurrent Neural Networks. Nicolas Papernot, Patrick McDaniel, Ananthram Swami, Richard Harang. MILCOM 2016. gradient [pdf]

论文：1604.08275.pdf (arxiv.org)

代码：