The rapid development of deep learning models has brought unprecedented convenience to daily life, and a wide range of consumer-facing and industrial intelligent interactive applications are closely tied to it. People who rely on smart applications are surrounded by complex information and are easily misled by false information carefully crafted by criminals. Graph data and text data are the two most common types of information carriers in information technology. The deep learning models that process them are vulnerable to malicious attacks in which criminals generate adversarial samples to mislead the model's judgment and produce wrong predictions. To develop better-defended, hardened deep learning models, use adversarial attack techniques to discover their existing weaknesses, and improve and optimize the models in time to prevent future attacks, researchers have proposed a large number of adversarial attack methods. However, existing attack methods usually consider only the attack and defense of a general model in the white-box scenario, which lacks practicality and transferability. They also ignore the fact that attackers have limited permissions in real application scenarios. Therefore, this paper proposes two adversarial attack frameworks applied to different kinds of data:

(1) Existing black-box evasion attacks against graph neural networks mainly use gradient information as a reference for node injection; the attribute features they generate are easy to detect, and their performance and time efficiency need further improvement. To this end, this paper proposes DRL-IAA, a deep reinforcement learning attack method under the black-box setting. The method treats the evasion attack as a Markov decision process, designs a new objective function, introduces a deep graph attention network to generate pseudo-node features, injects the pseudo-nodes into the clean graph through an edge sampler, and uses a deep reinforcement learning algorithm to obtain better adversarial data after training. Comparative experiments are carried out on four benchmark datasets for graph neural network classification models. The experimental results show that, compared with other attack algorithms, the proposed attack method generates more effective adversarial samples that mislead the classifier and reduce classification accuracy; it is also better than the other models in overall time efficiency.

(2) Existing word-level text adversarial attack algorithms mainly rely on synonym replacement and usually use a gradient-based greedy search to find the optimal adversarial sample. Their attack success rate needs further improvement, and the quality of the adversarial samples they generate is not high. To this end, this paper proposes SSAtk, a sememe-level text adversarial attack method that uses an improved sparrow search. The method uses the OpenHowNet corpus to construct a candidate-word search space and efficiently locates the optimal candidate word through the improved sparrow search algorithm. It effectively addresses the problems that word-level text adversarial attack algorithms are prone to falling into local optima, do not search comprehensively enough, and fail to find ideal replacement samples. Comparative experiments are conducted on three benchmark datasets for text classification tasks. The experimental results show that, in prediction tasks with LSTM and BERT-base as the victim models, the proposed algorithm outperforms the current mainstream word-level text adversarial attack algorithms in terms of success rate and sample quality.