Please use this identifier to cite or link to this item:
Full metadata record
DC FieldValueLanguage
dc.contributor.authorDong, Xinshuaien_US
dc.identifier.citationDong, X. (2022). Adversarial attacks and defenses in natural language processing. Master's thesis, Nanyang Technological University, Singapore.
dc.description.abstractDeep neural networks (DNNs) are becoming increasingly successful in many fields. However, DNNs are shown to be strikingly susceptible to adversarial examples. For instance, models pre-trained on very large corpora can still be easily fooled by word substitution attacks using only synonyms. This phenomenon has raised grand security challenges to modern machine learning systems, such as self-driving, spam filtering, and speech recognition, where DNNs are widely deployed. In this thesis, we first give a brief introduction of adversarial attacks and defenses. We focus on Natural Language Processing (NLP) and review some recent advances in attack algorithms and defense methods in Chapter 2. We also give a formalized definition of the research objective in this thesis, i.e., how to improve the adversarial robustness of NLP models. To this end, we propose novel and effective solutions to enhance NLP models towards robustness in the following chapters. In Chapter 3, for the classical NLP models like Long Short-Term Memory (LSTM) and Convolutional Neural Network (CNN), we present a novel adversarial training method, Adversarial Sparse Convex Combination (ASCC) defense, for adversarial robustness against word substitution attacks. To be specific, we model the substitution attack space as a convex hull and employ a regularizer to encourage the modeled perturbation towards an actual substitution. Therefore, we are able to align the modeling better with the discrete textual space. We empirically validate ASCC-defense in our experiments and it surpasses all compared state-of-the-arts on prevailing NLP tasks like sentiment analysis and natural language inference consistently under multiple attacks. To date, pre-trained language models, e.g., Bidirectional Transformers (BERT), are getting increasingly popular and fine-tuning a pre-trained language model for downstream tasks is becoming the new NLP paradigm. As such, how to fine-tune pre-trained language models towards adversarial robustness is of great importance. In Chapter 4, we first demonstrate that the prevalent defense technique, adversarial training, does not directly fit a conventional fine-tuning scenario. The reason lies in that conventional adversarial fine-tuning suffers severely from catastrophic forgetting and the fine-tuned models often fail to retain the generic and robust linguistic features captured during the pre-training stage. To this end, we propose Robust Informative Fine-Tuning (RIFT), a novel adversarial fine-tuning method from an information-theoretical perspective. In particular, RIFT encourages a model to memorize all the useful features learned before throughout the entire fine-tuning process, whereas a conventional fine-tuning framework only uses the weights of the pre-trained model for initialization. In experiments, we demonstrate that RIFT consistently surpasses state-of-the-arts under different attacks across various pre-trained language models. Last, we conclude this thesis in Chapter 5 and discuss some promising future directions for further exploration.en_US
dc.publisherNanyang Technological Universityen_US
dc.rightsThis work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0).en_US
dc.subjectEngineering::Computer science and engineeringen_US
dc.titleAdversarial attacks and defenses in natural language processingen_US
dc.typeThesis-Master by Researchen_US
dc.contributor.supervisorLuu Anh Tuanen_US
dc.contributor.schoolSchool of Computer Science and Engineeringen_US
dc.description.degreeMaster of Engineeringen_US
item.fulltextWith Fulltext-
Appears in Collections:SCSE Theses
Files in This Item:
File Description SizeFormat 
main_thesis.pdf1.69 MBAdobe PDFThumbnail

Page view(s)

Updated on Apr 18, 2024

Download(s) 50

Updated on Apr 18, 2024

Google ScholarTM


Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.