Learning-based Hybrid Local Search for the Hard-label Textual Attack. (arXiv:2201.08193v1 [cs.CL])

Deep neural networks are vulnerable to adversarial examples in Natural
Language Processing. However, existing textual adversarial attacks usually
utilize the gradient or prediction confidence to generate adversarial examples,
making it hard to be deployed in real-world applications. To this end, we
consider a rarely investigated but more rigorous setting, namely hard-label
attack, in which the attacker could only access the prediction label. In
particular, we find that the changes on prediction label caused by word
substitutions on the adversarial example …

arxiv hybrid learning search