Learning to Ignore Adversarial Attacks

Yiming Zhang, Yangqiaoyu Zhou, Samuel Carton, Chenhao Tan


Abstract
Despite the strong performance of current NLP models, they can be brittle against adversarial attacks. To enable effective learning against adversarial inputs, we introduce the use of rationale models that can explicitly learn to ignore attack tokens. We find that the rationale models can successfully ignore over 90% of attack tokens. This approach leads to consistent sizable improvements (~10%) over baseline models in robustness on three datasets for both BERT and RoBERTa, and also reliably outperforms data augmentation with adversarial examples alone. In many cases, we find that our method is able to close the gap between model performance on a clean test set and an attacked test set and hence reduce the effect of adversarial attacks.
Anthology ID:
2023.eacl-main.216
Volume:
Proceedings of the 17th Conference of the European Chapter of the Association for Computational Linguistics
Month:
May
Year:
2023
Address:
Dubrovnik, Croatia
Editors:
Andreas Vlachos, Isabelle Augenstein
Venue:
EACL
SIG:
Publisher:
Association for Computational Linguistics
Note:
Pages:
2970–2984
Language:
URL:
https://aclanthology.org/2023.eacl-main.216
DOI:
10.18653/v1/2023.eacl-main.216
Bibkey:
Cite (ACL):
Yiming Zhang, Yangqiaoyu Zhou, Samuel Carton, and Chenhao Tan. 2023. Learning to Ignore Adversarial Attacks. In Proceedings of the 17th Conference of the European Chapter of the Association for Computational Linguistics, pages 2970–2984, Dubrovnik, Croatia. Association for Computational Linguistics.
Cite (Informal):
Learning to Ignore Adversarial Attacks (Zhang et al., EACL 2023)
Copy Citation:
PDF:
https://aclanthology.org/2023.eacl-main.216.pdf
Video:
 https://aclanthology.org/2023.eacl-main.216.mp4