{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,16]],"date-time":"2026-05-16T16:19:54Z","timestamp":1778948394819,"version":"3.51.4"},"publisher-location":"Cham","reference-count":43,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031200953","type":"print"},{"value":"9783031200960","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-20096-0_31","type":"book-chapter","created":{"date-parts":[[2023,1,12]],"date-time":"2023-01-12T15:04:11Z","timestamp":1673535851000},"page":"409-424","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Adversarial Attack and Defense on Natural Language Processing in Deep Learning: A Survey and 
Perspective"],"prefix":"10.1007","author":[{"given":"Huoyuan","family":"Dong","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jialiang","family":"Dong","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shuai","family":"Yuan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhitao","family":"Guan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,1,13]]},"reference":[{"issue":"7553","key":"31_CR1","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1038\/nature14539","volume":"521","author":"Y LeCun","year":"2015","unstructured":"LeCun, Y., Bengio, Y., Hinton, G.: Deep learning. Nature 521(7553), 436\u2013444 (2015)","journal-title":"Nature"},{"key":"31_CR2","unstructured":"Szegedy, C., Zaremba, W., Sutskever, I., et al.: Intriguing properties of neural networks. In: Proceedings of the 2nd International Conference on Learning Representations, pp. 1\u201310 (2014)"},{"key":"31_CR3","unstructured":"Wenqi, W., Lina, W., Benxiao, T., et al.: Towards a robust deep neural network in text domain: a survey. arXiv preprint arXiv:1902.07285 (2019)"},{"key":"31_CR4","doi-asserted-by":"crossref","unstructured":"Zhang, W., Sheng, Q., Alhazmi, A., et al.: Adversarial attacks on deep-learning models in natural language processing: a survey. ACM Trans. Intell. Syst. Technol. 11(3), 24:1\u201324:41 (2020)","DOI":"10.1145\/3374217"},{"key":"31_CR5","unstructured":"Kusner, M., Sun, Y., Kolkin, N., et al.: From word embeddings to document distances. In: Proceedings of the International Conference on Machine Learning, Lille, pp. 957\u2013966. 
ACM (2015)"},{"key":"31_CR6","doi-asserted-by":"crossref","unstructured":"Gao, J., Lanchantin, J., Soffa, M.L., et al.: Black-box generation of adversarial text sequences to evade deep learning classifiers. In: Proceedings of the 2018 IEEE Security and Privacy Workshops, San Francisco, pp. 50\u201356. IEEE (2018)","DOI":"10.1109\/SPW.2018.00016"},{"key":"31_CR7","doi-asserted-by":"crossref","unstructured":"He, X., Lyu, L., Xu, Q., et al.: Model extraction and adversarial transferability, your BERT is vulnerable!. In: Proceedings of the 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, pp. 2006\u20132012. NAACL (2021)","DOI":"10.18653\/v1\/2021.naacl-main.161"},{"key":"31_CR8","doi-asserted-by":"crossref","unstructured":"Ebrahimi, J., Rao, A., Lowd, D., et al.: HotFlip: white-box adversarial examples for text classification. In: Proceedings of the 56th Annual Meeting of the Association for Computational Linguistics, Melbourne, pp. 31\u201336. ACL (2018)","DOI":"10.18653\/v1\/P18-2006"},{"key":"31_CR9","doi-asserted-by":"crossref","unstructured":"Gil, Y., Chai, Y., Gorodissky, O., et al.: White-to black: efficient distillation of black-box adversarial attacks. In: Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Minneapolis, pp. 1373\u20131379. NAACL (2019)","DOI":"10.18653\/v1\/N19-1139"},{"key":"31_CR10","unstructured":"Ebrahimi, J., Lowd, D., Dou, D.: On adversarial examples for character-level neural machine translation. In: Proceedings of the 27th International Conference on Computational Linguistics, Santa Fe, pp. 653\u2013663. ACM (2018)"},{"key":"31_CR11","doi-asserted-by":"crossref","unstructured":"Ren, S., Deng, Y., He, K., et al.: Generating natural language adversarial examples through probability weighted word saliency. 
In: Proceedings of the 57th Conference of the Association for Computational Linguistics, Florence, pp. 1085\u20131097. ACL (2019)","DOI":"10.18653\/v1\/P19-1103"},{"key":"31_CR12","doi-asserted-by":"crossref","unstructured":"Jin, D., Jin, Z., Zhou, J.T., et al.: Is BERT really robust? A strong baseline for natural language attack on text classification and entailment. In: Proceedings of the Thirty-Fourth AAAI Conference on Artificial Intelligence, New York, pp. 8018\u20138025. AAAI (2020)","DOI":"10.1609\/aaai.v34i05.6311"},{"key":"31_CR13","doi-asserted-by":"crossref","unstructured":"Emmery, C., Kadar, A., Chrupala, G.: Adversarial stylometry in the wild: transferable lexical substitution attacks on author profiling. In: Proceedings of the 16th Conference of the European Chapter of the Association for Computational Linguistics: Main Volume, pp. 2388\u20132402. ACL (2021)","DOI":"10.18653\/v1\/2021.eacl-main.203"},{"key":"31_CR14","doi-asserted-by":"crossref","unstructured":"Maheshwary, R., Maheshwary, S., Pudi, V.: A strong baseline for query efficient attacks in a black box setting. In: Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing, Punta Cana, pp. 8396\u20138409. ACL (2021)","DOI":"10.18653\/v1\/2021.emnlp-main.661"},{"key":"31_CR15","doi-asserted-by":"crossref","unstructured":"Zhang, X., Zhang, J., Chen, Z., et al.: Crafting adversarial examples for neural machine translation. In: Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics, pp. 1967\u20131977. ACL (2021)","DOI":"10.18653\/v1\/2021.acl-long.153"},{"key":"31_CR16","doi-asserted-by":"crossref","unstructured":"Zeng, Z., Xiong, D.: An empirical study on adversarial attack on NMT: languages and positions matter. In: Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics, pp. 454\u2013460. 
ACL (2021)","DOI":"10.18653\/v1\/2021.acl-short.58"},{"key":"31_CR17","doi-asserted-by":"crossref","unstructured":"Emelin, D., Titov, I., Sennrich, R.: Detecting word sense disambiguation biases in machine translation for model-agnostic adversarial attacks. In: Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing, pp. 7635\u20137653. ACL (2020)","DOI":"10.18653\/v1\/2020.emnlp-main.616"},{"key":"31_CR18","doi-asserted-by":"crossref","unstructured":"Cheng, Y., Jiang, L., Macherey, W.: Robust neural machine translation with doubly adversarial inputs. In: Proceedings of the 57th Conference of the Association for Computational Linguistics, Florence, pp. 4324\u20134333. ACL (2019)","DOI":"10.18653\/v1\/P19-1425"},{"key":"31_CR19","doi-asserted-by":"crossref","unstructured":"Meng, Z., Wattenhofer, R.: A geometry-inspired attack for generating natural language adversarial examples. In: Proceedings of the 28th International Conference on Computational Linguistics, Barcelona, pp. 6679\u20136689. ACM (2020)","DOI":"10.18653\/v1\/2020.coling-main.585"},{"key":"31_CR20","doi-asserted-by":"crossref","unstructured":"Lin, J., Zou, J., Ding, N.: Using adversarial attacks to reveal the statistical bias in machine reading comprehension models. In: Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing, pp. 333\u2013342. ACL (2021)","DOI":"10.18653\/v1\/2021.acl-short.43"},{"key":"31_CR21","doi-asserted-by":"crossref","unstructured":"Wang, T., Wang, X., Qin, Y., et al.: CAT-Gen: improving robustness in NLP models via controlled adversarial text generation. In: Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing, pp. 5141\u20135146. 
ACL (2020)","DOI":"10.18653\/v1\/2020.emnlp-main.417"},{"key":"31_CR22","doi-asserted-by":"crossref","unstructured":"Jia, R., Liang, P.: Adversarial examples for evaluating reading comprehension systems. In: Proceedings of the 2017 Conference on Empirical Methods in Natural Language Processing, Copenhagen, pp. 2021\u20132031. ACL (2017)","DOI":"10.18653\/v1\/D17-1215"},{"key":"31_CR23","doi-asserted-by":"crossref","unstructured":"Wang, B., Pei, H., Pan, B., et al.: T3: tree autoencoder constrained adversarial text generation for targeted attack. In: Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing, pp. 6134\u20136150. ACL (2020)","DOI":"10.18653\/v1\/2020.emnlp-main.495"},{"key":"31_CR24","doi-asserted-by":"crossref","unstructured":"Tan, S., Joty, S.R.: Code-mixing on sesame street: dawn of the adversarial polyglots. In: Proceedings of the 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, pp. 3596\u20133616. NAACL (2021)","DOI":"10.18653\/v1\/2021.naacl-main.282"},{"key":"31_CR25","unstructured":"Belinkov, Y., Bisk, Y.: Synthetic and natural noise both break neural machine translation. In: Proceedings of the 6th International Conference on Learning Representations, Vancouver, pp. 1\u201313. ACM (2018)"},{"key":"31_CR26","unstructured":"Wang, X., Jin, H., Yang, Y., et al.: Natural language adversarial defense through synonym encoding. In: Proceedings of the Thirty-Seventh Conference on Uncertainty in Artificial Intelligence. AUAI (2021)"},{"key":"31_CR27","doi-asserted-by":"crossref","unstructured":"Zhou, Y., Zheng, X., Hsieh, C.J., et al.: Defense against synonym substitution-based adversarial attacks via Dirichlet neighborhood ensemble. In: Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing, pp. 5482\u20135492. 
ACL (2021)","DOI":"10.18653\/v1\/2021.acl-long.426"},{"key":"31_CR28","doi-asserted-by":"crossref","unstructured":"Bao, R., Wang, J., Zhao, H.: Defending pre-trained language models from adversarial word substitution without performance sacrifice. In: Proceedings of the Findings of the Association for Computational Linguistics: ACL\/IJCNLP 2021, pp. 3248\u20133258. ACL (2021)","DOI":"10.18653\/v1\/2021.findings-acl.287"},{"key":"31_CR29","doi-asserted-by":"crossref","unstructured":"Si, C., Zhang, Z., Qi, F., et al.: Better robustness by more coverage: adversarial and mixup data augmentation for robust finetuning. In: Proceedings of the Findings of the Association for Computational Linguistics: ACL\/IJCNLP 2021, pp. 1569\u20131576. ACL (2021)","DOI":"10.18653\/v1\/2021.findings-acl.137"},{"key":"31_CR30","doi-asserted-by":"crossref","unstructured":"Wang, X., Yang, Y., Deng, Y., et al.: Adversarial training with fast gradient projection method against synonym substitution based text attacks. In: Proceedings of the Thirty-Fifth AAAI Conference on Artificial Intelligence, pp. 13997\u201314005. AAAI (2021)","DOI":"10.1609\/aaai.v35i16.17648"},{"key":"31_CR31","doi-asserted-by":"crossref","unstructured":"Mozes, M., Stenetorp, P., Kleinberg, B., et al.: Frequency-guided word substitutions for detecting textual adversarial examples. In: Proceedings of the 16th Conference of the European Chapter of the Association for Computational Linguistics: Main Volume, pp. 171\u2013186. EACL (2021)","DOI":"10.18653\/v1\/2021.eacl-main.13"},{"key":"31_CR32","doi-asserted-by":"crossref","unstructured":"Keller, Y., Mackensen, J., Eger, S.: BERT-defense: a probabilistic model based on BERT to combat cognitively inspired orthographic adversarial attacks. In: Proceedings of the Findings of the Association for Computational Linguistics: ACL\/IJCNLP 2021, pp. 1616\u20131629. 
ACL (2021)","DOI":"10.18653\/v1\/2021.findings-acl.141"},{"key":"31_CR33","unstructured":"Wang, B., Wang, S., Cheng, Y., et al.: InfoBERT: improving robustness of language models from an information theoretic perspective. In: Proceedings of the 9th International Conference on Learning Representation (2021)"},{"key":"31_CR34","doi-asserted-by":"crossref","unstructured":"Le, T., Park, N., Lee, D.: A sweet rabbit hole by DARCY: using honeypots to detect universal trigger\u2019s adversarial attacks. In: Proceedings of the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing, pp. 3831\u20133844. ACL (2021)","DOI":"10.18653\/v1\/2021.acl-long.296"},{"key":"31_CR35","doi-asserted-by":"crossref","unstructured":"Wang, W., Tang, P., Lou, J., et al.: Certified robustness to word substitution attack with differential privacy. In: Proceedings of the 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, pp. 1102\u20131112. NAACL (2021)","DOI":"10.18653\/v1\/2021.naacl-main.87"},{"key":"31_CR36","doi-asserted-by":"crossref","unstructured":"Ye, M., Gong, C., Liu, Q.: SAFER: a structure-free approach for certified robustness to adversarial word substitution. In: Proceedings of the 58th Annual Meeting of the Association for Computational Linguistics, pp. 3465\u20133475. ACL (2020)","DOI":"10.18653\/v1\/2020.acl-main.317"},{"key":"31_CR37","unstructured":"Xu, K., Shi, Z., Zhang, H., et al.: Automatic perturbation analysis for scalable certified robustness and beyond. In: Proceedings of the Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020. 
MIT Press (2020)"},{"issue":"8","key":"31_CR38","first-page":"2415","volume":"30","author":"W Wang","year":"2019","unstructured":"Wang, W., Wang, R., Wang, L., Tang, B.: Adversarial examples generation approach for tendency classification on Chinese texts. Ruan Jian Xue Bao\/J. Softw. 30(8), 2415\u20132427 (2019)","journal-title":"Ruan Jian Xue Bao\/J. Softw."},{"key":"31_CR39","doi-asserted-by":"publisher","first-page":"79561","DOI":"10.1109\/ACCESS.2020.2988786","volume":"8","author":"N Cheng","year":"2020","unstructured":"Cheng, N., Chang, G., Gao, H., et al.: WordChange: adversarial examples generation approach for Chinese text classification. IEEE Access 8, 79561\u201379572 (2020)","journal-title":"IEEE Access"},{"key":"31_CR40","doi-asserted-by":"crossref","unstructured":"Yeh, J.F., Lu, Y.Y., Lee, C.H., et al.: Chinese word spelling correction based on rule induction. In: Proceedings of the Third CIPS-SIGHAN Joint Conference on Chinese Language Processing, Wuhan, pp. 139\u2013145. ACL (2014)","DOI":"10.3115\/v1\/W14-6822"},{"key":"31_CR41","unstructured":"Li, J., Du, T., Ji, S., et al.: TextShield: robust text classification based on multimodal embedding and neural machine translation. In: Proceedings of the 29th USENIX Security Symposium, pp. 1381\u20131398. USENIX Association (2020)"},{"key":"31_CR42","unstructured":"Ian, J.G., Jonathon, S., Christian, S.: Explaining and harnessing adversarial examples. In 3rd International Conference on Learning Representations, San Diego. ICLR (2015)"},{"key":"31_CR43","unstructured":"Ilyas, A., Santurkar, S., Tsipras, D., et al.: Adversarial examples are not bugs, they are features. In: Proceedings of the Advances in Neural Information Processing Systems 32: Annual Conference on Neural Information Processing Systems 2019, Vancouver, pp. 125\u2013136. 
MIT Press (2019)"}],"container-title":["Lecture Notes in Computer Science","Machine Learning for Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-20096-0_31","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,12]],"date-time":"2023-01-12T15:11:11Z","timestamp":1673536271000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-20096-0_31"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031200953","9783031200960"],"references-count":43,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-20096-0_31","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"13 January 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ML4CS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Machine Learning for Cyber Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guangzhou","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 December 2022","order":7,"name":"conference_start_date","label":"Conference Start 
Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 December 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ml4cs2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/ml4cs2022\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}