How Far Are We from Real Synonym Substitution Attacks?

Add code
Oct 06, 2022
Cheng-Han Chiang, Hung-yi Lee
Figure 1 for How Far Are We from Real Synonym Substitution Attacks?
Figure 2 for How Far Are We from Real Synonym Substitution Attacks?
Figure 3 for How Far Are We from Real Synonym Substitution Attacks?
Figure 4 for How Far Are We from Real Synonym Substitution Attacks?

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

In this paper, we explore the following question: how far are we from real synonym substitution attacks (SSAs). We approach this question by examining how SSAs replace words in the original sentence and show that there are still unresolved obstacles that make current SSAs generate invalid adversarial samples. We reveal that four widely used word substitution methods generate a large fraction of invalid substitution words that are ungrammatical or do not preserve the original sentence's semantics. Next, we show that the semantic and grammatical constraints used in SSAs for detecting invalid word replacements are highly insufficient in detecting invalid adversarial samples. Our work is an important stepping stone to constructing better SSAs in the future.

* Preprint, work in progress  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon