A Black Box Algorithm of Random Beam Search Text Attack
To solve the problem that existing adversarial text generation algorithms are prone to fall into local optimal solution, an algorithm R-attack is proposed that uses beam search and random elements to improve the attack success rate.The R-attack algorithm first utilizes beam search to thoroughly explore the synonym space, thereby increasing the diversity of adversarial samples and enhancing the efficiency of the attack.Meanwhile, during the iterative search process, random elements are introduced to avoid premature convergence to local optima, effectively improving the success rate of the attack.Adversarial attack experiments were conducted on two models across three datasets, and the results demonstrate that the R-attack algorithm significantly improves the success rate of adversarial samples.Taking the example of attacking an LSTM model trained on"Yahoo! Answers,"the R-attack algorithm achieves a 2.4% increase in attack success rate compared to the baseline.
adversarial attacknatural language processingblack box attack
NETL
NSTL
万方数据
