Summary of Hqa-attack: Toward High Quality Black-box Hard-label Adversarial Attack on Text, by Han Liu et al.
HQA-Attack: Toward High Quality Black-Box Hard-Label Adversarial Attack on Text
by Han Liu, Zhi Xu, Xiaotong Zhang, Feng Zhang, Fenglong Ma, Hongyang Chen, Hong Yu, Xianchao Zhang
First submitted to arxiv on: 2 Feb 2024
Categories
- Main: Computation and Language (cs.CL)
- Secondary: Artificial Intelligence (cs.AI)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary In this paper, researchers tackle the challenging problem of generating high-quality textual adversarial examples under black-box hard-label attack scenarios. Traditional methods rely on complex algorithms or unreliable gradient estimation strategies, leading to local optima and limited query budgets. To overcome these issues, the authors propose a simple yet effective framework called HQA-Attack, which efficiently generates textual adversarial examples with high semantic similarity and low perturbation rates. The method initializes an example randomly, then iteratively substitutes original words with synonyms while optimizing for semantic similarity and adversarial conditions. Experimental results on multiple text classification, natural language inference, and real-world APIs demonstrate the superiority of HQA-Attack over strong baselines. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary The researchers developed a way to trick AI models into making wrong predictions by creating fake text that looks similar but is different. They did this by starting with random text and then changing words until they got an answer from the model that was incorrect. They repeated this process many times, always choosing new words that were close to the original ones. This made it hard for the model to detect the changes and allowed them to create fake text that was very similar but not exactly the same. |
Keywords
» Artificial intelligence » Inference » Text classification
