In the field of natural language processing,black-box hard-label adversarial attacks are limited by the discrete and non-differentiable nature of text data and only access the decision results of models,thus unable to balance attack effectiveness and efficiency.To address this issue,we propose an algorithm called TextSwindler,a black-box hard-label textual adversarial attack algorithm based on word replacement.Adversarial samples are randomly initialized based on global substitution.During the iterative optimization,this method searches for neighboring samples in the word embedding space,and employs perturbation optimization based on backtracking control to reduce the perturbation rate of the adversarial samples.Finally,the simple replacement rules are utilized to search the optimal word to improve the semantic similarity of the generated adversarial samples.Experimental results on 8 datasets and 3 deep learning models demonstrate that the TextSwindler method can reduce the query number by 43.6%while ensuring the quality of generated samples.
NETL
NSTL
万方数据
