Attention-Based Genetic Algorithm for Adversarial Attack in Natural Language Processing

Many recent studies have shown that deep neural networks (DNNs) are vulnerable to adversarial examples. Adversarial attacks on DNNs for natural language processing tasks are notoriously more challenging than that in computer vision. This paper proposes an attention-based genetic algorithm (dubbed AGA) for generating adversarial examples under a black-box setting. In particular, the attention mechanism helps identify the relatively more important words in a given text. Based on this information, bespoke crossover and mutation operators are developed to navigate AGA to focus on exploiting relatively more important words thus leading to a save of computational resources. Experiments on three widely used datasets demonstrate that AGA achieves a higher success rate with less than 48% of the number of queries than the peer algorithms. In addition, the underlying DNN can become more robust by using the adversarial examples obtained by AGA for adversarial training.