| 王文琦,汪润,王丽娜,唐奔宵.面向中文文本倾向性分类的对抗样本生成方法.软件学报,2019,30(8):0 |
| 面向中文文本倾向性分类的对抗样本生成方法 |
| Adversarial Examples Generation Approach for Tendency Classification on Chinese Texts |
| 投稿时间:2018-05-31 修订日期:2018-09-21 |
| DOI:10.13328/j.cnki.jos.005765 |
| 中文关键词: 中文文本 对抗样本 深度学习模型 重要性计算函数 黑盒 |
| 英文关键词:Chinese text adversarial examples deep learning models score function black box |
| 基金项目:国家自然科学基金(61876134);国家重点研发计划(2016YFB0801100);中央高校基本科研业务费专项资金资助项目(No.2042018kf1028) |
|
| 摘要点击次数: 426 |
| 全文下载次数: 301 |
| 中文摘要: |
| 研究表明在深度神经网络(DNN)的输入中添加小的扰动信息能够使得DNN出现误判,这种攻击被称为对抗样本攻击.本文发现对抗样本攻击存在于基于DNN的中文文本的情感倾向性检测中,提出了一种面向中文文本的对抗样本生成方法WordHanding.该方法设计了新的词语重要性计算算法,并用同音词替换以生成对抗样本,用于在黑盒情况下实施对抗样本攻击.本文采用真实的数据集(京东购物评论和携程酒店评论),在长短记忆网络(LSTM)和卷积神经网络(CNN)等两种DNN模型上验证文中方法的有效性.实验结果表明,本文生成的对抗样本能很好的误导中文文本的倾向性检测系统. |
| 英文摘要: |
| Studies have shown that the adversarial example attack is that small perturbations are added on the input to make deep neural network (DNN) misbehave.As far as we know,this paper finds adversarial example attacks exiting in Chinese text sentiment orientation classification based on DNN and proposes a "WordHandling" method.This method designs a new algorithm aiming at calculating important words.Then the words are replaced with homonym.to generate adversarial examples,which are used to conduct an adversarial example attack in black-box scenario.This paper verifies the effectiveness of the proposed method with real data set,i.e.Jingdong shopping and Ctrip hotel review,on long short-term memory network (LSTM) and convolutional neural network (CNN).The experimental results show that the adversarial examples in this paper can mislead Chinese text orientation detection system well. |
|
HTML 下载PDF全文 查看/发表评论 下载PDF阅读器 |
