SaTC: CORE: Small: Generalizing Adversarial Examples in Natural Language

SaTC：核心：小：概括自然语言中的对抗性示例

• 批准号: 2124538
• 负责人: Yanjun Qi
• 金额: $ 50万
• 依托单位: University of Virginia Main Campus
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-01-01 至 2024-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2124538&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Generalizing; Adversarial

Deep learning-based natural language processing (deep NLP) plays a crucial role in many security-critical domains, including advancing information understanding and analysis for healthcare, legal justice, e-commerce, and social media platforms. Consequently, it is essential to understand the robustness of deep NLP systems to adversarial attacks aimed at reducing their accuracy and security. To combat these attacks, this project introduces techniques to automatically evaluate and improve the adversarial robustness of deep NLP frameworks, as well as tools and datasets that can serve as useful community benchmarks and research resources. This topic is a new and exciting area that can contribute to multiple disciplines, including adversarial machine learning, natural language processing, and software testing; the project will support several graduate students in receiving advanced, interdisciplinary training in these areas.This award defines adversarial text examples as inputs to a deep NLP system that are maliciously designed to fool a predictive deep NLP model towards wrong predictions while simultaneously satisfying language-oriented constraints. The goal is to investigate the interplay between deep NLP and adversarial robustness in three dependent tasks. The first task is to build a comprehensive benchmark for generating adversarial text inputs across multiple NLP formulations. A library, TextAttack, will help researchers gauge their NLP models' robustness and provide a unified framework for attack designers to benchmark their attacks against the current state-of-the-art. The second task investigates the robustness of interpretation strategies in deep NLP and designs generalized adversarial text to reveal vulnerabilities in NLP interpretations. The third task adapts work from software testing to create criteria that define when an adequate set of adversarial text examples has been generated. In summary, this project studies how to evaluate the robustness of state-of-the-art NLP systems against an adversary and develop techniques to achieve both robust predictions and robust interpretations in deep NLP.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

基于深度学习的自然语言处理（Deep NLP）在许多关键安全领域中都起着至关重要的作用，包括在医疗保健，法律司法，电子商务和社交媒体平台上推进信息理解和分析。 因此，必须了解深度NLP系统的鲁棒性，以降低其准确性和安全性。为了打击这些攻击，该项目介绍了自动评估和改善深NLP框架的对抗性鲁棒性的技术，以及可以用作有用的社区基准和研究资源的工具和数据集。该主题是一个新的令人兴奋的领域，可以促进多个学科，包括对抗机器学习，自然语言处理和软件测试；该项目将支持几位研究生在这些领域接受高级，跨学科的培训。该奖项将对抗性文本示例定义为对深度NLP系统的输入，这些示例是恶意设计的，旨在欺骗一个预测性的深层NLP模型，同时满足面向语言的约束。 目的是研究三个依赖任务中深NLP和对抗性鲁棒性之间的相互作用。第一个任务是构建一个综合基准，用于在多个NLP公式中生成对抗文本输入。图书馆TextAttack将帮助研究人员评估其NLP模型的鲁棒性，并为攻击设计师提供一个统一的框架，以对其针对当前最新技术的攻击进行基准攻击。第二个任务调查了深NLP中解释策略的鲁棒性，并设计了广义的对抗文本，以揭示NLP解释中的脆弱性。第三个任务从软件测试中调整了工作，以创建标准，以定义何时生成足够的对抗文本示例。总而言之，该项目研究了如何评估最先进的NLP系统针对对手的鲁棒性，并开发技术以实现Deep NLP中的强大预测和强大的解释。该奖项反映了NSF的法定任务，并通过评估该基金会的知识分子功能和广泛的影响来评估NSF的法定任务。