Is BERT Really Robust? A Strong Baseline for Natural Language Attack on Text Classification and Entailment

Jin, Di; Jin, Zhijing; Zhou, Joey Tianyi; Szolovits, Peter

doi:10.1609/aaai.v34i05.6311

articleProceedings of the AAAI Conference on Artificial IntelligenceApr 3, 2020DIAMOND OA

Is BERT Really Robust? A Strong Baseline for Natural Language Attack on Text Classification and Entailment

DJDi Jin ZJZhijing Jin JTJoey Tianyi Zhou PSPeter Szolovits

Moscow Institute of Thermal Technology · University of Hong Kong · +1 more institution

Indexed incrossref

Abstract

Machine learning algorithms are often vulnerable to adversarial examples that have imperceptible alterations from the original counterparts but can fool the state-of-the-art models. It is helpful to evaluate or even improve the robustness of these models by exposing the maliciously crafted adversarial examples. In this paper, we present TextFooler, a simple but strong baseline to generate adversarial text. By applying it to two fundamental natural language tasks, text classification and textual entailment, we successfully attacked three target models, including the powerful pre-trained BERT, and the widely used convolutional and recurrent neural networks. We demonstrate three advantages of this framework: (1)…

Citation impact

859

total citations

FWCI: 62.04
Percentile: 100%
References: 33

Citations per year

Authors

4

Topics & keywords

Topics

Keywords

Adversarial system
Computer science
Grammaticality
Artificial intelligence
Robustness (evolution)
Baseline (sea)
Natural language processing
Textual entailment

UN Sustainable Development Goals

Quality Education

No related works found for this paper.