MINIMAL: Mining Models for Universal Adversarial Triggers

Yaman Kumar Singla; Swapnil Parekh; Somesh Singh; Changyou Chen; Balaji Krishnamurthy; Rajiv Ratn Shah

doi:10.1609/aaai.v36i10.21384

Authors

Yaman Kumar Singla Adobe Media Data Science Research SUNY at Buffalo Indraprastha Institute of Information Technology, Delhi
Swapnil Parekh New York University
Somesh Singh IIIT Delhi
Changyou Chen University at Buffalo
Balaji Krishnamurthy Adobe Media Data Science Research
Rajiv Ratn Shah IIIT Delhi

DOI:

https://doi.org/10.1609/aaai.v36i10.21384

Keywords:

Speech & Natural Language Processing (SNLP), Machine Learning (ML), Data Mining & Knowledge Management (DMKM)

Abstract

It is well known that natural language models are vulnerable to adversarial attacks, which are mostly input-specific in nature. Recently, it has been shown that there also exist input-agnostic attacks in NLP models, called universal adversarial triggers. However, existing methods to craft universal triggers are data intensive. They require large amounts of data samples to generate adversarial triggers, which are typically inaccessible by attackers. For instance, previous works take 3000 data samples per class for the SNLI dataset to generate adversarial triggers. In this paper, we present a novel data-free approach, MINIMAL, to mine input-agnostic adversarial triggers from models. Using the triggers produced with our data-free algorithm, we reduce the accuracy of Stanford Sentiment Treebank’s positive class from 93.6% to 9.6%. Similarly, for the Stanford Natural LanguageInference (SNLI), our single-word trigger reduces the accuracy of the entailment class from 90.95% to less than 0.6%. Despite being completely data-free, we get equivalent accuracy drops as data-dependent methods

MINIMAL: Mining Models for Universal Adversarial Triggers

Authors

DOI:

Keywords:

Abstract

Downloads

Published

How to Cite

Issue

Section

Information

Developed By

Subscription