TY - JOUR
TI - Is BERT Really Robust? A Strong Baseline for Natural Language Attack on Text Classification and Entailment
T2 - The Thirty-Fourth AAAI Conference on Artificial Intelligence (AAAI-20)
AU - Jin, Di
AU - Jin, Zhijing
AU - Zhou, Joey Tianyi
AU - Szolovits, Peter
AD - Computer Science & Artificial Intelligence Laboratory, MIT
AD - University of Hong Kong
AD - A*STAR, Singapore
AB - Machine learning algorithms are often vulnerable to adversarial examples that have imperceptible alterations from the original counterparts but can fool the state-of-the-art models. It is helpful to evaluate or even improve the robustness of these models by exposing the maliciously crafted adversarial examples. In this paper, we present TEXTFOOLER, a simple but strong baseline to generate adversarial text, and apply it to two fundamental natural language tasks, text classification and textual entailment. Besides the ability to fool the target models, outputs of a natural language attacking system should also meet three key utility-preserving properties: (1) human prediction consistency: prediction by humans should remain unchanged; (2) semantic similarity: the crafted example should bear the same meaning as the source, as judged by humans; and (3) language fluency: generated examples should look natural and grammatical.
JF - Proceedings of the AAAI Conference on Artificial Intelligence
DO - 10.1609/aaai.v34i05.6311
DA - 2020-04-03
UR - https://www.deepdyve.com/lp/unpaywall/is-bert-really-robust-a-strong-baseline-for-natural-language-attack-on-cWemInoXnL
DP - DeepDyve
ER -