关键词: 对抗攻击算法, 自然语言处理, 黑盒攻击

Abstract: The existing adversarial attack in black box scenario aims to propose an algorithm for generating adversarial examples with a higher attack success rate, which is of great significance for studying the vulnerability of the deep learning model of natural language processing and improving the robustness of the deep learning model. To solve the problem that existing anti text generation algorithms are prone to fall into local optimal solution, this paper proposes a method to improve the attack success rate by using random element and bundle search. This method uses beam search to increase the diversity of adversarial examples, and adds random element in the iterative process of searching for adversarial examples, so as to achieve the goal of making full use of synonym space to search for the optimal solution, optimize the problems that are easily trapped in the local optimal solution in the attack process, and improve the attack success rate. Experiments have shown that the algorithm R-attack proposed in this paper can effectively improve the success rate of attacks against adversarial examples.

Key words: Adversarial attack, Natural language processing, Black box attacks