Contextualized Perturbation for Textual Adversarial Attack, NAACL 2021

Related tags

Deep Learning CLARE
Overview

Contextualized Perturbation for Textual Adversarial Attack

Introduction

This is a PyTorch implementation of Contextualized Perturbation for Textual Adversarial Attack by Dianqi Li, Yizhe Zhang, Hao Peng, Liqun Chen, Chris Brockett, Ming-Ting Sun and Bill Dolan, NAACL 2021.

A third-party implementation of CLARE is available in TextAttack.

Environment

The code is based on Python 3.6, TensorFlow 1.14, and PyTorch 1.4.0. It was developed and tested on a single NVIDIA GTX 1080 Ti.

Please use Conda to set up your environment, and then run:

conda install -y pytorch==1.4.0 torchvision==0.5.0 cudatoolkit=10.1 -c pytorch

bash install_requirement.sh
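
Before preparing data, you can optionally sanity-check the setup. The snippet below is only an illustrative check (the file name check_env.py is not part of the repo); it prints the installed framework versions and confirms the GPU is visible:

# check_env.py -- illustrative only, not part of the CLARE repo
import torch
import tensorflow as tf

print("PyTorch:", torch.__version__)        # expected: 1.4.0
print("TensorFlow:", tf.__version__)        # expected: 1.14.x
print("CUDA available:", torch.cuda.is_available())
if torch.cuda.is_available():
    print("GPU:", torch.cuda.get_device_name(0))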

Data Preparation and Pretrained Classifier

You can download the pretrained target classifier and the full training data here (coming soon). Alternatively, you can prepare your own training set in the same format as the example under /data/training_data/${dataset}/dataset/. The format looks like:

label text1 text2
2 At the end of 5 years ... The healthcare agency will be able ...

For single-sentence classification, the text2 field is left empty.
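
If you build the training set programmatically, a sketch like the one below should work; it assumes the fields are tab-separated (consistent with the .tsv sample files mentioned later) and uses placeholder dataset and file names:

# build_dataset.py -- illustrative sketch; dataset name and file name are placeholders
import csv
import os

rows = [
    # (label, text1, text2); leave text2 empty for single-sentence classification
    ("2", "At the end of 5 years ...", "The healthcare agency will be able ..."),
    ("1", "A single-sentence example ...", ""),
]

out_dir = "data/training_data/mydataset/dataset"
os.makedirs(out_dir, exist_ok=True)
with open(os.path.join(out_dir, "train.tsv"), "w", newline="", encoding="utf-8") as f:
    writer = csv.writer(f, delimiter="\t")
    writer.writerow(["label", "text1", "text2"])   # header row, matching the example above
    writer.writerows(rows)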

After this, please run:

python train_BERT_classifier.py --dataset ${dataset} --save_model

It will save the pretrained classifier under the directory /saved_model/${dataset}_uncased/. The default target classifier is BERT; you can train other types by setting an extra argument such as --target_model textcnn (see the example below). Please check out the arguments in config.py for more details.
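
For example, to train a TextCNN target classifier instead of the default BERT (same command, only the target model argument added):

python train_BERT_classifier.py --dataset ${dataset} --target_model textcnn --save_model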

The text samples to be attacked are stored in /data/${dataset}.tsv in the same format.

Textual Adversarial Attack

Simply run:

python bert_attack_classification.py --dataset ${dataset} --sample_file ${dataset}

and it will save the results under /adv_results/.

To attack the QNLI dataset, please add the argument --attack_second, since we attack the longer sentence in two-sentence classification (see the example below).
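
For example (assuming the dataset and its sample file are both named qnli):

python bert_attack_classification.py --dataset qnli --sample_file qnli --attack_second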

You can also modify the attack hyper-parameters in hyper_parameters.py to adjust the trade-off between different aspects. Other details can be found in config.py.

To run the attack with the baseline TextFooler:

python attack_classification.py --dataset ${dataset} --sample_file ${dataset}

Citing

If you find our work useful in your research, please consider citing:

@InProceedings{li2021contextualized,
  title={Contextualized perturbation for textual adversarial attack},
  author={Li, Dianqi and Zhang, Yizhe and Peng, Hao and Chen, Liqun and Brockett, Chris and Sun, Ming-Ting and Dolan, Bill},
  booktitle={Proceedings of the Conference of the North American Chapter of the Association for Computational Linguistics},
  year={2021}
}
You might also like...
[NAACL & ACL 2021] SapBERT: Self-alignment pretraining for BERT.

SapBERT: Self-alignment pretraining for BERT This repo holds code for the SapBERT model presented in our NAACL 2021 paper: Self-Alignment Pretraining

Self-training with Weak Supervision (NAACL 2021)

This repo holds the code for our weak supervision framework, ASTRA, described in our NAACL 2021 paper: "Self-Training with Weak Supervision"

Code for NAACL 2021 full paper "Efficient Attentions for Long Document Summarization"

LongDocSum Code for NAACL 2021 paper "Efficient Attentions for Long Document Summarization" This repository contains data and models needed to reprodu

Paddle implementation for "Highly Efficient Knowledge Graph Embedding Learning with Closed-Form Orthogonal Procrustes Analysis" (NAACL 2021)

ProcrustEs-KGE Paddle implementation for Highly Efficient Knowledge Graph Embedding Learning with Orthogonal Procrustes Analysis 🙈 A more detailed re

Paddle implementation for "Cross-Lingual Word Embedding Refinement by ℓ1 Norm Optimisation" (NAACL 2021)

L1-Refinement Paddle implementation for "Cross-Lingual Word Embedding Refinement by ℓ1 Norm Optimisation" (NAACL 2021) 🙈 A more detailed readme is co

Source code for NAACL 2021 paper "TR-BERT: Dynamic Token Reduction for Accelerating BERT Inference"

TR-BERT Source code and dataset for "TR-BERT: Dynamic Token Reduction for Accelerating BERT Inference". The code is based on huggingface's transformers.

Open-Ended Commonsense Reasoning (NAACL 2021)

Open-Ended Commonsense Reasoning Quick links: [Paper] | [Video] | [Slides] | [Documentation] This is the repository of the paper, Differentiable Open-

Pytorch implementation of Supporting Clustering with Contrastive Learning, NAACL 2021

Supporting Clustering with Contrastive Learning SCCL (NAACL 2021) Dejiao Zhang, Feng Nan, Xiaokai Wei, Shangwen Li, Henghui Zhu, Kathleen McKeown, Ram

✅ How Robust are Fact Checking Systems on Colloquial Claims?. In NAACL-HLT, 2021.

How Robust are Fact Checking Systems on Colloquial Claims? Official PyTorch implementation of our NAACL paper: Byeongchang Kim*, Hyunwoo Kim*, Seokhee

Comments
  • Approximate time required per attack?

    Hi, thank you for the awesome work!

    Do you have an estimate of how much time is required per attack on one of the datasets?
    I was using the implementation of CLARE in TextAttack and found that it took a substantial amount of time to generate attacks: around several hours on a 1080Ti to generate fewer than 100 attack samples. I am wondering whether this is expected behavior (given that RoBERTa is forwarded multiple times) or an implementation issue on their side?

    Thanks!

    opened by bangawayoo 1
  • Could you add the pretrained target classifier and full training data?

    Hi, thanks for this wonderful work. I can't get the same results with my pretrained model; could you add your pretrained target classifier or the full training data? That would be very helpful.

    opened by yuxy411 1
  • Cannot install language-check & language-check's version is too old, and a solution

    Problem 1: can't install language-check. While installing the dependencies of CLARE, I hit ERROR: Failed building wheel for language-check, and the Linux terminal reported: urllib.error.HTTPError: HTTP Error 403: Forbidden.

    Problem 2: the language-check project is too old; its latest update was 3 years ago, so it does not work well today. It is stuck on Java 8 and LanguageTool 3.2, while Java is now up to version 15 and LanguageTool is at 5.5.

    Solution to 1 & 2: do not use language-check; use language_tool_python instead.

    (1) language_tool_python is a newer fork of language-check, available at https://github.com/jxmorris12/language_tool_python. As its maintainer jxmorris12 said in the language-check issues: "Since this project has been abandoned...".

    (2) The latest version of language_tool_python supports Java 14 and LanguageTool 5.5, and its installation does not cause HTTP Error 403!

    (3) It can now replace language-check, because their APIs are very close.

    How to install: (1) pip install language_tool_python

    (2) make sure your environment already has Java (I installed Java 8)

    (3) manually download LanguageTool-stable.zip from https://pypi.org/project/language-tool-python/

    (4) add export LTP_PATH=/home/username/yournewfolder to your Linux .bashrc

    (5) unzip LanguageTool-stable.zip and put the folder "LanguageTool-5.5" under the path just added to .bashrc

    (6) restart the terminal and test language_tool_python following the sample at https://pypi.org/project/language-tool-python/ (a minimal usage sketch is shown below)
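
    After installation, a minimal usage sketch of language_tool_python (the example sentence is arbitrary):

    # quick check that language_tool_python works as a drop-in for language-check
    import language_tool_python

    tool = language_tool_python.LanguageTool('en-US')  # starts a local LanguageTool server
    matches = tool.check('This are a example sentence .')
    print(len(matches), 'grammar issues found')
    tool.close()  # shut down the background LanguageTool server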

    Finally, I highly suggest that the authors update the dependencies of this project!

    opened by BingkangShi 1
Owner
cookielee77
Ph.D. candidate at University of Washington
Attack classification models with transferability, black-box attack; unrestricted adversarial attacks on imagenet

Attack classification models with transferability, black-box attack; unrestricted adversarial attacks on ImageNet, CVPR2021. Security AI Challenger Program Phase 6: ImageNet Unrestricted Adversarial Attack, 4th place in the final (team name: Advers)

null 51 Dec 1, 2022
NAACL2021 - COIL Contextualized Lexical Retriever

COIL Repo for our NAACL paper, COIL: Revisit Exact Lexical Match in Information Retrieval with Contextualized Inverted List. The code covers learning

Luyu Gao 108 Dec 31, 2022
PyTorch implementation of Interpretable Explanations of Black Boxes by Meaningful Perturbation

PyTorch implementation of Interpretable Explanations of Black Boxes by Meaningful Perturbation The paper: https://arxiv.org/abs/1704.03296 What makes

Jacob Gildenblat 322 Dec 17, 2022
Maximum Spatial Perturbation for Image-to-Image Translation (Official Implementation)

MSPC for I2I This repository is by Yanwu Xu and contains the PyTorch source code to reproduce the experiments in our CVPR2022 paper Maximum Spatial Pe

null 51 Dec 14, 2022
Code for "Adversarial Attack Generation Empowered by Min-Max Optimization", NeurIPS 2021

Min-Max Adversarial Attacks [Paper] [arXiv] [Video] [Slide] Adversarial Attack Generation Empowered by Min-Max Optimization Jingkang Wang, Tianyun Zha

Jingkang Wang 12 Nov 23, 2022
source code and pre-trained/fine-tuned checkpoint for NAACL 2021 paper LightningDOT

LightningDOT: Pre-training Visual-Semantic Embeddings for Real-Time Image-Text Retrieval This repository contains source code and pre-trained/fine-tun

Siqi 65 Dec 26, 2022
Codes for NAACL 2021 Paper "Unsupervised Multi-hop Question Answering by Question Generation"

Unsupervised-Multi-hop-QA This repository contains code and models for the paper: Unsupervised Multi-hop Question Answering by Question Generation (NA

Liangming Pan 70 Nov 27, 2022
Official code of our work, Unified Pre-training for Program Understanding and Generation [NAACL 2021].

PLBART Code pre-release of our work, Unified Pre-training for Program Understanding and Generation accepted at NAACL 2021. Note. A detailed documentat

Wasi Ahmad 138 Dec 30, 2022
Designing a Minimal Retrieve-and-Read System for Open-Domain Question Answering (NAACL 2021)

Designing a Minimal Retrieve-and-Read System for Open-Domain Question Answering Abstract In open-domain question answering (QA), retrieve-and-read mec

Clova AI Research 34 Apr 13, 2022
NAACL'2021: Factual Probing Is [MASK]: Learning vs. Learning to Recall

OptiPrompt This is the PyTorch implementation of the paper Factual Probing Is [MASK]: Learning vs. Learning to Recall. We propose OptiPrompt, a simple

Princeton Natural Language Processing 150 Dec 20, 2022