
Research On Defense Techniques For Adversarial Attacks In Text Sentiment Classification

Posted on: 2024-06-11
Degree: Master
Type: Thesis
Country: China
Candidate: C Y Li
GTID: 2568307106468554
Subject: Cyberspace security
Abstract/Summary:
Text adversarial attacks are attacks against natural language processing models in which attackers deceive a model into making incorrect judgments by changing the input text. As text adversarial attacks and defenses continue to advance, the related research continues to deepen. In the task of text sentiment classification, simple text modifications are no longer successful in attacking deep learning models. Discovering vulnerabilities in the models requires generating adversarial samples that have richer variations and are in line with human reading habits. To tackle the increasingly covert nature of adversarial attacks, it is essential to design a more rational model training approach that maximizes the effective utilization of existing non-adversarial sample datasets. It is also necessary to address the underfitting problem that arises when fitting adversarial sample datasets. The research content of this paper is therefore as follows:

(1) To achieve more covert adversarial attacks in text sentiment classification, this paper proposes a syntax transformation adversarial sample generation model that does not rely on large-scale parallel semantic datasets and enriches the model’s output target corpus in an unsupervised way, reducing the model’s excessive attention to the input end. Compared to existing models, the adversarial samples generated by this model have more natural semantics and a high success rate in adversarial attacks, and are capable of successfully attacking robust classification models.

(2) To address covert adversarial attacks on text sentiment classification, this paper proposes a contrastive learning classification model based on the Gaussian kernel function. The model utilizes a domain adversarial feature extractor to obtain text features. For texts with different labels, the Gaussian kernel function is used to calculate the similarity of these features. Based on this similarity, the weights of sample similarity for texts with different labels are increased in the supervised contrastive learning loss function. When fitting the non-adversarial sample training set, this model effectively reduces the influence of sentiment-irrelevant vocabulary on the model, thereby improving the robustness of the model’s classification results.

(3) To tackle the underfitting problem in data augmentation defense, this paper proposes using the contrastive learning paradigm for data augmentation adversarial defense. Taking syntax transformation as an example adversarial defense task, supervised contrastive learning sets texts with the same label as positive examples. Building upon this, the paper introduces another pair of positive examples by paraphrasing the same sentence in different syntactical structures. This approach allows the data augmentation texts to be embedded closer to each other in the high-dimensional space of classification, serving the purpose of incorporating prior knowledge and enhancing the model’s robustness...
Keywords/Search Tags: Text sentiment classification, adversarial attack, contrastive learning, text conditional generation