| 王文琦,汪润,王丽娜,唐奔宵.面向中文文本倾向性分类的对抗样本生成方法.软件学报,2019,30(8):2415-2427 |
| 面向中文文本倾向性分类的对抗样本生成方法 |
| Adversarial Examples Generation Approach for Tendency Classification on Chinese Texts |
| 投稿时间:2018-05-31 修订日期:2018-09-21 |
| DOI:10.13328/j.cnki.jos.005765 |
| 中文关键词: 中文文本 对抗样本 深度学习模型 评分函数 黑盒 |
| 英文关键词:Chinese text adversarial examples deep learning models score function black box |
| 基金项目:国家自然科学基金(61876134);国家重点研发计划(2016YFB0801100);中央高校基本科研业务费专项资金(2042018kf1028) |
|
| 摘要点击次数: 2950 |
| 全文下载次数: 3207 |
| 中文摘要: |
| 研究表明,在深度神经网络(DNN)的输入中添加小的扰动信息,能够使得DNN出现误判,这种攻击被称为对抗样本攻击.而对抗样本攻击也存在于基于DNN的中文文本的情感倾向性检测中,因此提出了一种面向中文文本的对抗样本生成方法WordHanding.该方法设计了新的词语重要性计算算法,并用同音词替换以生成对抗样本,用于在黑盒情况下实施对抗样本攻击.采用真实的数据集(京东购物评论和携程酒店评论),在长短记忆网络(LSTM)和卷积神经网络(CNN)这两种DNN模型上验证该方法的有效性.实验结果表明,生成的对抗样本能够很好地误导中文文本的倾向性检测系统. |
| 英文摘要: |
| Studies have shown that the adversarial example attack is that small perturbations are added on the input to make deep neural network (DNN) misbehave. Meanwhile, these attacks also exist in Chinese text sentiment orientation classification based on DNN and a method "WordHandling" is proposed to generate this kind of adversarial examples. This method designs a new algorithm aiming at calculating important words. Then the words are replaced with homonym to generate adversarial examples, which are used to conduct an adversarial example attack in black-box scenario. This study also verifies the effectiveness of the proposed method with real data set, i.e. Jingdong shopping and Ctrip hotel review, on long short-term memory network (LSTM) and convolutional neural network (CNN). The experimental results show that the adversarial examples in this study can mislead Chinese text orientation detection system well. |
|
HTML 下载PDF全文 查看/发表评论 下载PDF阅读器 |
