TextLeak:Decision-Based Word-Level Black-Box Text Adversarial Attack Method
Existing decision-based black-box text adversarial attack methods cannot balance attack effectiveness and efficiency.Therefore,a simple and efficient decision-based word-level black-box text adversarial attack method called TextLeak is proposed.The fundamental concept of this method involes searching for the minimum perturbation required to generate adversarial examples through a multi-level search.Specifically,it begins with a coarse-grained search to identify the target area.Then,it uses fine-grained search based on this target area to find the optimal solution as the adversarial example.The main evaluation metrics are attack success rate,perturbed rate,and query number.Three state-of-the-art decision-based black-box text adversarial attacks are selected as baseline methods for experimental comparison on the same dataset and model.The experimental results show that TextLeak has an average query number of about 368 times and an average attack success rate of about 96.0%on text classification tasks.Compared with the population-based optimization algorithm(POA),TextLeak has an average query number of about 5.25%of POA while maintaining a comparable attack success rate.This demonstrates that TextLeak has a high attack success rate and query efficiency,and it is a simple,efficient,and practical text adversarial attack method with broad application prospects.
natural language processingadversarial attacksblack-box attacks
NETL
NSTL
万方数据
