| Based on the current research status of textual adversarial attacks and the problems of existing attack methods,this thesis studies the task of word-level textual adversarial attacks for black-box scenarios and proposes the Sememe-GQPSO method,which introduces a Gaussian distribution to improve the attack efficiency.In addition,to address the effectiveness of static text adversarial methods under dynamic models,this thesis proposes a new research task,experimental methods and evaluation metrics,and verifies the necessity of conducting research on this task and the effectiveness of the experimental methods and evaluation metrics through experiments.Finally,this thesis designs and implements a visualization system for textual adversarial attacks,which provides an experimental platform for general users and researchers to explore the mechanism of textual adversarial attacks.The main work of this thesis is as follows:A novel textual adversarial attack task called dynamic attack is proposed in this thesis,aiming to investigate whether the original performance of static textual adversarial methods under dynamic models can be maintained.To address this issue,this thesis defines the task,designs a new experimental approach,and proposes three new evaluation metrics to quantify the degree of performance degradation of static textual adversarial methods in this task.Extensive experiments show that dynamic models can significantly affect the effectiveness of static adversarial samples,leading to a significant degradation of attack performance.At the same time,the proposed new evaluation metrics can effectively measure the ability of static adversarial methods to cope with dynamic models.Among them,higher individual dynamic attack success rate indicates that the adversarial sample is more suitable for the current victim dynamic model;higher sustained dynamic attack success rate indicates that the adversarial sample has stronger persistent attack capability against the victim model;and higher overall dynamic attack success rate indicates that the adversarial sample is of higher quality and more harmful to the victim model.The results of this study contribute to a deeper understanding of the mechanism of textual adversarial attacks and provide new directions and challenges for the study of textual adversarial attacks.This thesis proposes a new textual adversarial attack task that aims to investigate whether the original performance of static textual adversarial methods under dynamic models can be maintained.To address this issue,this thesis defines the task,designs a new experimental approach,and proposes three new evaluation metrics to quantify the degree of performance degradation of static textual adversarial methods in this task.Extensive experiments show that dynamic models can significantly affect the effectiveness of static adversarial samples,leading to a significant degradation of attack performance.At the same time,the proposed new evaluation metrics can effectively measure the ability of static adversarial methods to cope with dynamic models.Among them,higher individual dynamic attack success rate indicates that the adversarial sample is more suitable for the current victim dynamic model;higher sustained dynamic attack success rate indicates that the adversarial sample has stronger persistent attack capability against the victim model;and higher overall dynamic attack success rate indicates that the adversarial sample is of higher quality and more harmful to the victim model.The results of this study contribute to a deeper understanding of the mechanism of textual adversarial attacks and provide new directions and challenges for the study of textual adversarial attacks.A visualization system for textual adversarial attacks is designed and implemented in this thesis.The system is built based on Django framework and My SQL database,incorporating the relevant contents of this thesis,including five major system functions: adversarial sample generation,model robustness testing,custom sample dynamic attack,sample manual evaluation and related content introduction.In this thesis,we analyzed the requirements of the system,and then proceeded to design and implement the system.The implementation and testing results show that the system successfully achieves the design requirements and has excellent features such as easy to operate,cross-platform,and comprehensive functionality.The system can effectively reduce the threshold of understanding textual adversarial attacks for ordinary users and provide an experimental platform for researchers to facilitate the exploration of textual adversarial attack mechanisms and methods,which is beneficial to the development of academic research on textual adversarial.In summary,this thesis proposed a new word-level textual adversarial method and a new textual adversarial attack task for the textual adversarial attack problem,and implemented a textual adversarial visualization system.After experimental and application tests,the effectiveness of the proposed method,the necessity of the new task and the versatility of the system were demonstrated. |
PDF Full Text Request