Detecting Word-Level Adversarial Text Attacks via SHapley Additive exPlanations

Lukas Huber; Marc Alexander Kühn; Edoardo Mosca; Georg Groh

Detecting Word-Level Adversarial Text Attacks via SHapley Additive exPlanations

Lukas Huber, Marc Alexander Kühn, Edoardo Mosca, Georg Groh

Informatics 25 - Chair of Data Science and Engineering

Technical University of Munich

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

14 Scopus citations

Abstract

State-of-the-art machine learning models are prone to adversarial attacks: Maliciously crafted inputs to fool the model into making a wrong prediction, often with high confidence. While defense strategies have been extensively explored in the computer vision domain, research in natural language processing still lacks techniques to make models resilient to adversarial text inputs. We adapt a technique from computer vision to detect word-level attacks targeting text classifiers. This method relies on training an adversarial detector leveraging Shapley additive explanations and outperforms the current state-of-the-art on two benchmarks. Furthermore, we prove the detector requires only a low amount of training samples and, in some cases, generalizes to different datasets without needing to retrain.

Original language	English
Title of host publication	ACL 2022 - 7th Workshop on Representation Learning for NLP, RepL4NLP 2022 - Proceedings of the Workshop
Publisher	Association for Computational Linguistics (ACL)
Pages	156-166
Number of pages	11
ISBN (Electronic)	9781955917483
State	Published - 2022
Event	7th Workshop on Representation Learning for NLP, RepL4NLP 2022 at ACL 2022 - Dublin, Ireland Duration: 26 May 2022 → …

Publication series

Name	Proceedings of the Annual Meeting of the Association for Computational Linguistics
ISSN (Print)	0736-587X

Conference

Conference	7th Workshop on Representation Learning for NLP, RepL4NLP 2022 at ACL 2022
Country/Territory	Ireland
City	Dublin
Period	26/05/22 → …

Cite this

Huber, L., Kühn, M. A., Mosca, E., & Groh, G. (2022). Detecting Word-Level Adversarial Text Attacks via SHapley Additive exPlanations. In ACL 2022 - 7th Workshop on Representation Learning for NLP, RepL4NLP 2022 - Proceedings of the Workshop (pp. 156-166). (Proceedings of the Annual Meeting of the Association for Computational Linguistics). Association for Computational Linguistics (ACL).

Huber, Lukas ; Kühn, Marc Alexander ; Mosca, Edoardo et al. / Detecting Word-Level Adversarial Text Attacks via SHapley Additive exPlanations. ACL 2022 - 7th Workshop on Representation Learning for NLP, RepL4NLP 2022 - Proceedings of the Workshop. Association for Computational Linguistics (ACL), 2022. pp. 156-166 (Proceedings of the Annual Meeting of the Association for Computational Linguistics).

@inproceedings{565f999f7b0448a3b2821497692ad4b7,

title = "Detecting Word-Level Adversarial Text Attacks via SHapley Additive exPlanations",

abstract = "State-of-the-art machine learning models are prone to adversarial attacks: Maliciously crafted inputs to fool the model into making a wrong prediction, often with high confidence. While defense strategies have been extensively explored in the computer vision domain, research in natural language processing still lacks techniques to make models resilient to adversarial text inputs. We adapt a technique from computer vision to detect word-level attacks targeting text classifiers. This method relies on training an adversarial detector leveraging Shapley additive explanations and outperforms the current state-of-the-art on two benchmarks. Furthermore, we prove the detector requires only a low amount of training samples and, in some cases, generalizes to different datasets without needing to retrain.",

author = "Lukas Huber and K{\"u}hn, {Marc Alexander} and Edoardo Mosca and Georg Groh",

note = "Publisher Copyright: {\textcopyright} 2022 Association for Computational Linguistics.; 7th Workshop on Representation Learning for NLP, RepL4NLP 2022 at ACL 2022 ; Conference date: 26-05-2022",

year = "2022",

language = "English",

series = "Proceedings of the Annual Meeting of the Association for Computational Linguistics",

publisher = "Association for Computational Linguistics (ACL)",

pages = "156--166",

booktitle = "ACL 2022 - 7th Workshop on Representation Learning for NLP, RepL4NLP 2022 - Proceedings of the Workshop",

}

Huber, L, Kühn, MA, Mosca, E & Groh, G 2022, Detecting Word-Level Adversarial Text Attacks via SHapley Additive exPlanations. in ACL 2022 - 7th Workshop on Representation Learning for NLP, RepL4NLP 2022 - Proceedings of the Workshop. Proceedings of the Annual Meeting of the Association for Computational Linguistics, Association for Computational Linguistics (ACL), pp. 156-166, 7th Workshop on Representation Learning for NLP, RepL4NLP 2022 at ACL 2022, Dublin, Ireland, 26/05/22.

Detecting Word-Level Adversarial Text Attacks via SHapley Additive exPlanations. / Huber, Lukas; Kühn, Marc Alexander; Mosca, Edoardo et al.
ACL 2022 - 7th Workshop on Representation Learning for NLP, RepL4NLP 2022 - Proceedings of the Workshop. Association for Computational Linguistics (ACL), 2022. p. 156-166 (Proceedings of the Annual Meeting of the Association for Computational Linguistics).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Detecting Word-Level Adversarial Text Attacks via SHapley Additive exPlanations

AU - Huber, Lukas

AU - Kühn, Marc Alexander

AU - Mosca, Edoardo

AU - Groh, Georg

PY - 2022

Y1 - 2022

N2 - State-of-the-art machine learning models are prone to adversarial attacks: Maliciously crafted inputs to fool the model into making a wrong prediction, often with high confidence. While defense strategies have been extensively explored in the computer vision domain, research in natural language processing still lacks techniques to make models resilient to adversarial text inputs. We adapt a technique from computer vision to detect word-level attacks targeting text classifiers. This method relies on training an adversarial detector leveraging Shapley additive explanations and outperforms the current state-of-the-art on two benchmarks. Furthermore, we prove the detector requires only a low amount of training samples and, in some cases, generalizes to different datasets without needing to retrain.

AB - State-of-the-art machine learning models are prone to adversarial attacks: Maliciously crafted inputs to fool the model into making a wrong prediction, often with high confidence. While defense strategies have been extensively explored in the computer vision domain, research in natural language processing still lacks techniques to make models resilient to adversarial text inputs. We adapt a technique from computer vision to detect word-level attacks targeting text classifiers. This method relies on training an adversarial detector leveraging Shapley additive explanations and outperforms the current state-of-the-art on two benchmarks. Furthermore, we prove the detector requires only a low amount of training samples and, in some cases, generalizes to different datasets without needing to retrain.

UR - http://www.scopus.com/inward/record.url?scp=85149150357&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85149150357

T3 - Proceedings of the Annual Meeting of the Association for Computational Linguistics

SP - 156

EP - 166

BT - ACL 2022 - 7th Workshop on Representation Learning for NLP, RepL4NLP 2022 - Proceedings of the Workshop

PB - Association for Computational Linguistics (ACL)

T2 - 7th Workshop on Representation Learning for NLP, RepL4NLP 2022 at ACL 2022

Y2 - 26 May 2022

ER -

Huber L, Kühn MA, Mosca E, Groh G. Detecting Word-Level Adversarial Text Attacks via SHapley Additive exPlanations. In ACL 2022 - 7th Workshop on Representation Learning for NLP, RepL4NLP 2022 - Proceedings of the Workshop. Association for Computational Linguistics (ACL). 2022. p. 156-166. (Proceedings of the Annual Meeting of the Association for Computational Linguistics).

Detecting Word-Level Adversarial Text Attacks via SHapley Additive exPlanations

Abstract

Publication series

Conference

Other files and links

Fingerprint

Cite this