Home

Awesome

Advbench

Code and data of the EMNLP 2022 paper "Why Should Adversarial Perturbations be Imperceptible? Rethink the Research Paradigm in Adversarial NLP"[PDF] .

Overview

In this paper, we rethink the research paradigm of textual adversarial samples in security scenarios. We discuss the deficiencies in previous work and propose our suggestions that the research on the Security-oriented adversarial NLP (SoadNLP) should: (1) evaluate their methods on security tasks to demonstrate the real-world concerns; (2) consider real-world attackers' goals, instead of developing impractical methods. To this end, we first collect, process, and release a security datasets collection advbench. Then, we reformalize the task and adjust the emphasis on different goals in SoadNLP. Next, we propose a simple method based on heuristic rules that can easily fulfill the actual adversarial goals to simulate real-world attack methods.We conduct experiments on both the attack and the defense sides on Advbenchmark. Experimental results show that our method has higher practical value, indicating that the research paradigm in SoadNLP may start from our new benchmark.

<img src="figs/main.png" alt="main" style="zoom:50%;" />

Dependencies

pip install -r requirements.txt

Maybe you need to change the version of some libraries depending on your servers.

Data Preparation

First, you need to create the file data to store dataset:

cd Advbench
mkdir data

Then you need to download the data from Google Drive[data] .

We provide the original dataset (ori_dataset), the processed dataset (rel_dataset) the experimental dataset (exp_dataset) and a pure compression package for experiments. If you just want to reproduce the experiment, you shold download the data.zip and save it into /data, then unpakage the zip file with the following command:

unzip data.zip

If you want to use our benchmark for further research, please download rel_dataset. If you want to use raw dataset to process the data yourself, you can download ori_dataset. Exp_dataset is just an uncompressed format of data.zip .

Experiments

First, you need to create the file model and output to respectively store fine-tuned model and adversarial output dataset.

mkdir model
mkdir output

Then you should fine-tune the pre-trained model on our security datasets collection Advbench.

bash scripts/train.sh

To conduct the baseline attack experiments in our settings:

bash scripts/base_attack.sh

To conduct attack experiments via ROCKET in our settings:

bash scripts/rocket.sh

Citation

Please kindly cite our paper:

@article{chen2022should,
  title={Why Should Adversarial Perturbations be Imperceptible? Rethink the Research Paradigm in Adversarial NLP},
  author={Chen, Yangyi and Gao, Hongcheng and Cui, Ganqu and Qi, Fanchao and Huang, Longtao and Liu, Zhiyuan and Sun, Maosong},
  journal={arXiv preprint arXiv:2210.10683},
  year={2022}
}