Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

JonRusert/SampleShielding

BranchesTags
Open more actions menu

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
4 Commits
code
code
 
 
data
data
 
 
README.md
README.md
 
 

Repository files navigation

Code and data for "Don’t sweat the small stuff, classify the rest: Sample Shielding to protect text classifiers against adversarial attacks"

NAACL 2022

Paper: https://aclanthology.org/2022.naacl-main.195/

Video Presentation: https://www.youtube.com/watch?v=4d2ykfGt6fI

Citation:

@inproceedings{rusert-srinivasan-2022-dont,
    title = "Don{'}t sweat the small stuff, classify the rest: Sample Shielding to protect text classifiers against adversarial attacks",
    author = "Rusert, Jonathan  and
      Srinivasan, Padmini",
    editor = "Carpuat, Marine  and
      de Marneffe, Marie-Catherine  and
      Meza Ruiz, Ivan Vladimir",
    booktitle = "Proceedings of the 2022 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies",
    month = jul,
    year = "2022",
    address = "Seattle, United States",
    publisher = "Association for Computational Linguistics",
    url = "https://aclanthology.org/2022.naacl-main.195/",
    doi = "10.18653/v1/2022.naacl-main.195",
    pages = "2716--2725",
    abstract = "Deep learning (DL) is being used extensively for text classification. However, researchers have demonstrated the vulnerability of such classifiers to adversarial attacks. Attackers modify the text in a way which misleads the classifier while keeping the original meaning close to intact. State-of-the-art (SOTA) attack algorithms follow the general principle of making minimal changes to the text so as to not jeopardize semantics. Taking advantage of this we propose a novel and intuitive defense strategy called Sample Shielding.It is attacker and classifier agnostic, does not require any reconfiguration of the classifier or external resources and is simple to implement. Essentially, we sample subsets of the input text, classify them and summarize these into a final decision. We shield three popular DL text classifiers with Sample Shielding, test their resilience against four SOTA attackers across three datasets in a realistic threat setting. Even when given the advantage of knowing about our shielding strategy the adversary{'}s attack success rate is {\ensuremath{<}}=10{\%} with only one exception and often {\ensuremath{<}} 5{\%}. Additionally, Sample Shielding maintains near original accuracy when applied to original texts. Crucially, we show that the `make minimal changes' approach of SOTA attackers leads to critical vulnerabilities that can be defended against with an intuitive sampling strategy."
}

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages
Morty Proxy This is a proxified and sanitized view of the page, visit original site.