EvaLDA: Efficient Evasion Attacks Towards Latent Dirichlet Allocation

Add code
Dec 09, 2020
Qi Zhou, Haipeng Chen, Yitao Zheng, Zhen Wang
Figure 1 for EvaLDA: Efficient Evasion Attacks Towards Latent Dirichlet Allocation
Figure 2 for EvaLDA: Efficient Evasion Attacks Towards Latent Dirichlet Allocation
Figure 3 for EvaLDA: Efficient Evasion Attacks Towards Latent Dirichlet Allocation
Figure 4 for EvaLDA: Efficient Evasion Attacks Towards Latent Dirichlet Allocation

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

As one of the most powerful topic models, Latent Dirichlet Allocation (LDA) has been used in a vast range of tasks, including document understanding, information retrieval and peer-reviewer assignment. Despite its tremendous popularity, the security of LDA has rarely been studied. This poses severe risks to security-critical tasks such as sentiment analysis and peer-reviewer assignment that are based on LDA. In this paper, we are interested in knowing whether LDA models are vulnerable to adversarial perturbations of benign document examples during inference time. We formalize the evasion attack to LDA models as an optimization problem and prove it to be NP-hard. We then propose a novel and efficient algorithm, EvaLDA to solve it. We show the effectiveness of EvaLDA via extensive empirical evaluations. For instance, in the NIPS dataset, EvaLDA can averagely promote the rank of a target topic from 10 to around 7 by only replacing 1% of the words with similar words in a victim document. Our work provides significant insights into the power and limitations of evasion attacks to LDA models.

* Accepted for publication at AAAI'2021. 10 pages  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon