{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T03:07:50Z","timestamp":1775790470228,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":54,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,7,10]],"date-time":"2023-07-10T00:00:00Z","timestamp":1688947200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,7,10]]},"DOI":"10.1145\/3579856.3590339","type":"proceedings-article","created":{"date-parts":[[2023,7,5]],"date-time":"2023-07-05T14:52:13Z","timestamp":1688568733000},"page":"925-937","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Masked Language Model Based Textual Adversarial Example Detection"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-0196-2948","authenticated-orcid":false,"given":"Xiaomei","family":"Zhang","sequence":"first","affiliation":[{"name":"College of Computer and Information Science, Southwest University, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3813-2776","authenticated-orcid":false,"given":"Zhaoxi","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Information Technology, Deakin University, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3736-7135","authenticated-orcid":false,"given":"Qi","family":"Zhong","sequence":"additional","affiliation":[{"name":"School of Information Technology, Deakin University, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8294-8863","authenticated-orcid":false,"given":"Xufei","family":"Zheng","sequence":"additional","affiliation":[{"name":"College of Computer and Information Science, Southwest University, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5611-3483","authenticated-orcid":false,"given":"Yanjun","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Computer Science, University of Technology Sydney, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0042-9045","authenticated-orcid":false,"given":"Shengshan","family":"Hu","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Huazhong University of Science and Technology, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9330-2662","authenticated-orcid":false,"given":"Leo Yu","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Information and Communication Technology, Griffith University, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,7,10]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Adversarial Example Detection Using Latent Neighborhood Graph","author":"Abusnaina A.","unstructured":"Ahmed\u00a0 A. Abusnaina , Yuhang Wu , Sunpreet\u00a0 S. Arora , Yizhen Wang , Fei Wang , Hao Yang , and David\u00a0 A. Mohaisen . 2021. Adversarial Example Detection Using Latent Neighborhood Graph . In ICCV. IEEE , Virtual , 7687\u20137696. Ahmed\u00a0A. Abusnaina, Yuhang Wu, Sunpreet\u00a0S. Arora, Yizhen Wang, Fei Wang, Hao Yang, and David\u00a0A. Mohaisen. 2021. Adversarial Example Detection Using Latent Neighborhood Graph. In ICCV. IEEE, Virtual, 7687\u20137696."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Basemah Alshemali and Jugal\u00a0Kumar Kalita. 2019. Toward Mitigating Adversarial Texts. Basemah Alshemali and Jugal\u00a0Kumar Kalita. 2019. Toward Mitigating Adversarial Texts.","DOI":"10.5120\/ijca2019919384"},{"key":"e_1_3_2_1_3_1","volume-title":"Generating Natural Language Adversarial Examples","author":"Alzantot Moustafa\u00a0Farid","unstructured":"Moustafa\u00a0Farid Alzantot , Yash Sharma , Ahmed Elgohary , Bo-Jhang Ho , Mani\u00a0 B. Srivastava , and Kai-Wei Chang . 2018. Generating Natural Language Adversarial Examples . In EMNLP. Association for Computational Linguistics , Brussels, Belgium , 2890\u20132896. Moustafa\u00a0Farid Alzantot, Yash Sharma, Ahmed Elgohary, Bo-Jhang Ho, Mani\u00a0B. Srivastava, and Kai-Wei Chang. 2018. Generating Natural Language Adversarial Examples. In EMNLP. Association for Computational Linguistics, Brussels, Belgium, 2890\u20132896."},{"key":"e_1_3_2_1_4_1","volume-title":"Oakland","author":"Carlini Nicholas","year":"1897","unstructured":"Nicholas Carlini , Steve Chien , Milad Nasr , Shuang Song , A. Terzis , and Florian Tram\u00e8r . 2022. Membership Inference Attacks From First Principles . In Oakland . IEEE , San Francisco, USA , 1897 \u20131914. Nicholas Carlini, Steve Chien, Milad Nasr, Shuang Song, A. Terzis, and Florian Tram\u00e8r. 2022. Membership Inference Attacks From First Principles. In Oakland. IEEE, San Francisco, USA, 1897\u20131914."},{"key":"e_1_3_2_1_5_1","volume-title":"AISec","author":"Carlini Nicholas","unstructured":"Nicholas Carlini and David\u00a0 A. Wagner . 2017. Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods . In AISec . ACM , New York, NY, USA , 3\u201314. Nicholas Carlini and David\u00a0A. Wagner. 2017. Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods. In AISec. ACM, New York, NY, USA, 3\u201314."},{"key":"e_1_3_2_1_6_1","unstructured":"Xi Chen Yan Duan Rein Houthooft John Schulman Ilya Sutskever and P. Abbeel. 2016. InfoGAN: Interpretable Representation Learning by Information Maximizing Generative Adversarial Nets. In NIPS. Barcelona Spain 2172\u20132180. Xi Chen Yan Duan Rein Houthooft John Schulman Ilya Sutskever and P. Abbeel. 2016. InfoGAN: Interpretable Representation Learning by Information Maximizing Generative Adversarial Nets. In NIPS. Barcelona Spain 2172\u20132180."},{"key":"e_1_3_2_1_7_1","volume-title":"BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding","author":"Devlin Jacob","year":"2019","unstructured":"Jacob Devlin , Ming-Wei Chang , Kenton Lee , and Kristina Toutanova . 2019 . BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding . In NAACL. Association for Computational Linguistics, Minneapolis , Minnesota , 4171\u20134186. Jacob Devlin, Ming-Wei Chang, Kenton Lee, and Kristina Toutanova. 2019. BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. In NAACL. Association for Computational Linguistics, Minneapolis, Minnesota, 4171\u20134186."},{"key":"e_1_3_2_1_8_1","unstructured":"Xinshuai Dong Anh\u00a0Tuan Luu Rongrong Ji and Hong Liu. 2021. Towards Robustness Against Natural Language Word Substitutions. In ICLR. OpenReview.net Virtual. Xinshuai Dong Anh\u00a0Tuan Luu Rongrong Ji and Hong Liu. 2021. Towards Robustness Against Natural Language Word Substitutions. In ICLR. OpenReview.net Virtual."},{"key":"e_1_3_2_1_9_1","volume-title":"HotFlip: White-Box Adversarial Examples for Text Classification","author":"Ebrahimi J.","unstructured":"J. Ebrahimi , Anyi Rao , Daniel Lowd , and Dejing Dou . 2018. HotFlip: White-Box Adversarial Examples for Text Classification . In ACL. Association for Computational Linguistics , Melbourne, Australia , 31\u201336. J. Ebrahimi, Anyi Rao, Daniel Lowd, and Dejing Dou. 2018. HotFlip: White-Box Adversarial Examples for Text Classification. In ACL. Association for Computational Linguistics, Melbourne, Australia, 31\u201336."},{"key":"e_1_3_2_1_10_1","volume-title":"Text Processing Like Humans Do: Visually Attacking and Shielding NLP Systems","author":"Eger Steffen","unstructured":"Steffen Eger , G\u00f6zde\u00a0G\u00fcl Sahin , Andreas R\u00fcckl\u00e9 , Ji-Ung Lee , Claudia Schulz , Mohsen Mesgar , Krishnkant Swarnkar , Edwin Simpson , and Iryna Gurevych . 2019. Text Processing Like Humans Do: Visually Attacking and Shielding NLP Systems . In EMNLP. Association for Computational Linguistics , Minneapolis, Minnesota , 1634\u20131647. Steffen Eger, G\u00f6zde\u00a0G\u00fcl Sahin, Andreas R\u00fcckl\u00e9, Ji-Ung Lee, Claudia Schulz, Mohsen Mesgar, Krishnkant Swarnkar, Edwin Simpson, and Iryna Gurevych. 2019. Text Processing Like Humans Do: Visually Attacking and Shielding NLP Systems. In EMNLP. Association for Computational Linguistics, Minneapolis, Minnesota, 1634\u20131647."},{"key":"e_1_3_2_1_11_1","volume-title":"2018 IEEE Security and Privacy Workshops (SPW). IEEE","author":"Gao Ji","year":"2018","unstructured":"Ji Gao , Jack Lanchantin , Mary\u00a0Lou Soffa , and Yanjun Qi . 2018 . Black-Box Generation of Adversarial Text Sequences to Evade Deep Learning Classifiers . In 2018 IEEE Security and Privacy Workshops (SPW). IEEE , San Francisco, CA, 50\u201356. Ji Gao, Jack Lanchantin, Mary\u00a0Lou Soffa, and Yanjun Qi. 2018. Black-Box Generation of Adversarial Text Sequences to Evade Deep Learning Classifiers. In 2018 IEEE Security and Privacy Workshops (SPW). IEEE, San Francisco, CA, 50\u201356."},{"key":"e_1_3_2_1_12_1","volume-title":"BAE: BERT-based Adversarial Examples for Text Classification","author":"Garg Siddhant","year":"2020","unstructured":"Siddhant Garg and Goutham Ramakrishnan . 2020 . BAE: BERT-based Adversarial Examples for Text Classification . In EMNLP. Association for Computational Linguistics , Virtual , 6174\u20136181. Siddhant Garg and Goutham Ramakrishnan. 2020. BAE: BERT-based Adversarial Examples for Text Classification. In EMNLP. Association for Computational Linguistics, Virtual, 6174\u20136181."},{"key":"e_1_3_2_1_13_1","volume-title":"ICLR. OpenReview.net","author":"Gilmer Justin","unstructured":"Justin Gilmer , Luke Metz , Fartash Faghri , Samuel\u00a0 S. Schoenholz , Maithra Raghu , Martin Wattenberg , and Ian\u00a0 J. Goodfellow . 2018. Adversarial Spheres . In ICLR. OpenReview.net , Vancouver, BC , Canada . Justin Gilmer, Luke Metz, Fartash Faghri, Samuel\u00a0S. Schoenholz, Maithra Raghu, Martin Wattenberg, and Ian\u00a0J. Goodfellow. 2018. Adversarial Spheres. In ICLR. OpenReview.net, Vancouver, BC, Canada."},{"key":"e_1_3_2_1_14_1","unstructured":"Ian\u00a0J. Goodfellow Jean Pouget-Abadie Mehdi Mirza Bing Xu David Warde-Farley Sherjil Ozair Aaron\u00a0C. Courville and Yoshua Bengio. 2014. Generative Adversarial Nets. In NIPS. Montr\u00e9al Canada 2672\u20132680. Ian\u00a0J. Goodfellow Jean Pouget-Abadie Mehdi Mirza Bing Xu David Warde-Farley Sherjil Ozair Aaron\u00a0C. Courville and Yoshua Bengio. 2014. Generative Adversarial Nets. In NIPS. Montr\u00e9al Canada 2672\u20132680."},{"key":"e_1_3_2_1_15_1","volume-title":"ICLR. OpenReview.net","author":"Goodfellow J.","unstructured":"Ian\u00a0 J. Goodfellow , Jonathon Shlens , and Christian Szegedy . 2015. Explaining and Harnessing Adversarial Examples . In ICLR. OpenReview.net , San Diego, CA, USA . Ian\u00a0J. Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In ICLR. OpenReview.net, San Diego, CA, USA."},{"key":"e_1_3_2_1_16_1","volume-title":"Don\u2019t Stop Pretraining: Adapt Language Models to Domains and Tasks","author":"Gururangan Suchin","unstructured":"Suchin Gururangan , Ana Marasovi\u0107 , Swabha Swayamdipta , Kyle Lo , Iz Beltagy , Doug Downey , and Noah\u00a0 A. Smith . 2020. Don\u2019t Stop Pretraining: Adapt Language Models to Domains and Tasks . In ACL. Association for Computational Linguistics , Virtual , 8342\u20138360. Suchin Gururangan, Ana Marasovi\u0107, Swabha Swayamdipta, Kyle Lo, Iz Beltagy, Doug Downey, and Noah\u00a0A. Smith. 2020. Don\u2019t Stop Pretraining: Adapt Language Models to Domains and Tasks. In ACL. Association for Computational Linguistics, Virtual, 8342\u20138360."},{"key":"e_1_3_2_1_17_1","volume-title":"Pretrained Transformers Improve Out-of-Distribution Robustness","author":"Hendrycks Dan","unstructured":"Dan Hendrycks , Xiaoyuan Liu , Eric Wallace , Adam Dziedzic , Rishabh Krishnan , and Dawn\u00a0Xiaodong Song . 2020. Pretrained Transformers Improve Out-of-Distribution Robustness . In ACL. Association for Computational Linguistics , Virtual , 2744\u20132751. Dan Hendrycks, Xiaoyuan Liu, Eric Wallace, Adam Dziedzic, Rishabh Krishnan, and Dawn\u00a0Xiaodong Song. 2020. Pretrained Transformers Improve Out-of-Distribution Robustness. In ACL. Association for Computational Linguistics, Virtual, 2744\u20132751."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1162\/neco.1997.9.8.1735"},{"key":"e_1_3_2_1_19_1","volume-title":"Adversarial Example Generation with Syntactically Controlled Paraphrase Networks","author":"Iyyer Mohit","year":"1875","unstructured":"Mohit Iyyer , John Wieting , Kevin Gimpel , and Luke Zettlemoyer . 2018. Adversarial Example Generation with Syntactically Controlled Paraphrase Networks . In NAACL. Association for Computational Linguistics , Louisiana, New Orleans, 1875 \u20131885. Mohit Iyyer, John Wieting, Kevin Gimpel, and Luke Zettlemoyer. 2018. Adversarial Example Generation with Syntactically Controlled Paraphrase Networks. In NAACL. Association for Computational Linguistics, Louisiana, New Orleans, 1875\u20131885."},{"key":"e_1_3_2_1_20_1","volume-title":"Is BERT Really Robust? A Strong Baseline for Natural Language Attack on Text Classification and Entailment","author":"Jin Di","unstructured":"Di Jin , Zhijing Jin , Joey\u00a0Tianyi Zhou , and Peter Szolovits . 2020. Is BERT Really Robust? A Strong Baseline for Natural Language Attack on Text Classification and Entailment . In AAAI. AAAI Press , New York, NY, USA , 8018\u20138025. Di Jin, Zhijing Jin, Joey\u00a0Tianyi Zhou, and Peter Szolovits. 2020. Is BERT Really Robust? A Strong Baseline for Natural Language Attack on Text Classification and Entailment. In AAAI. AAAI Press, New York, NY, USA, 8018\u20138025."},{"key":"e_1_3_2_1_21_1","volume-title":"ALBERT: A Lite BERT for Self-supervised Learning of Language Representations. In ICLR. OpenReview.net, Addis Ababa, Ethiopia.","author":"Lan Zhenzhong","year":"2020","unstructured":"Zhenzhong Lan , Mingda Chen , Sebastian Goodman , Kevin Gimpel , Piyush Sharma , and Radu Soricut . 2020 . ALBERT: A Lite BERT for Self-supervised Learning of Language Representations. In ICLR. OpenReview.net, Addis Ababa, Ethiopia. Zhenzhong Lan, Mingda Chen, Sebastian Goodman, Kevin Gimpel, Piyush Sharma, and Radu Soricut. 2020. ALBERT: A Lite BERT for Self-supervised Learning of Language Representations. In ICLR. OpenReview.net, Addis Ababa, Ethiopia."},{"key":"e_1_3_2_1_22_1","volume-title":"Contextualized Perturbation for Textual Adversarial Attack","author":"Li Dianqi","unstructured":"Dianqi Li , Yizhe Zhang , Hao Peng , Liqun Chen , Chris Brockett , Ming-Ting Sun , and Bill Dolan . 2021. Contextualized Perturbation for Textual Adversarial Attack . In NAACL. Association for Computational Linguistics , Virtual , 5053\u20135069. Dianqi Li, Yizhe Zhang, Hao Peng, Liqun Chen, Chris Brockett, Ming-Ting Sun, and Bill Dolan. 2021. Contextualized Perturbation for Textual Adversarial Attack. In NAACL. Association for Computational Linguistics, Virtual, 5053\u20135069."},{"key":"e_1_3_2_1_23_1","volume-title":"TextBugger: Generating Adversarial Text Against Real-world Applications","author":"Li Jinfeng","unstructured":"Jinfeng Li , Shouling Ji , Tianyu Du , Bo Li , and Ting Wang . 2019. TextBugger: Generating Adversarial Text Against Real-world Applications . In NDSS. The Internet Society , San Diego , California, USA. Jinfeng Li, Shouling Ji, Tianyu Du, Bo Li, and Ting Wang. 2019. TextBugger: Generating Adversarial Text Against Real-world Applications. In NDSS. The Internet Society, San Diego, California, USA."},{"key":"e_1_3_2_1_24_1","volume-title":"BERT-ATTACK: Adversarial Attack against BERT Using BERT","author":"Li Linyang","unstructured":"Linyang Li , Ruotian Ma , Qipeng Guo , X. Xue , and Xipeng Qiu . 2020. BERT-ATTACK: Adversarial Attack against BERT Using BERT . In EMNLP. Association for Computational Linguistics , Virtual , 6193\u20136202. Linyang Li, Ruotian Ma, Qipeng Guo, X. Xue, and Xipeng Qiu. 2020. BERT-ATTACK: Adversarial Attack against BERT Using BERT. In EMNLP. Association for Computational Linguistics, Virtual, 6193\u20136202."},{"key":"e_1_3_2_1_25_1","volume-title":"RoBERTa: A Robustly Optimized BERT Pretraining Approach. ArXiv abs\/1907.11692","author":"Liu Yinhan","year":"2019","unstructured":"Yinhan Liu , Myle Ott , Naman Goyal , Jingfei Du , Mandar Joshi , Danqi Chen , Omer Levy , Mike Lewis , Luke Zettlemoyer , and Veselin Stoyanov . 2019. RoBERTa: A Robustly Optimized BERT Pretraining Approach. ArXiv abs\/1907.11692 ( 2019 ). Yinhan Liu, Myle Ott, Naman Goyal, Jingfei Du, Mandar Joshi, Danqi Chen, Omer Levy, Mike Lewis, Luke Zettlemoyer, and Veselin Stoyanov. 2019. RoBERTa: A Robustly Optimized BERT Pretraining Approach. ArXiv abs\/1907.11692 (2019)."},{"key":"e_1_3_2_1_26_1","volume-title":"Learning Word Vectors for Sentiment Analysis","author":"Maas L.","unstructured":"Andrew\u00a0 L. Maas , Raymond\u00a0 E. Daly , Peter\u00a0 T. Pham , Dan Huang , A. Ng , and Christopher Potts . 2011. Learning Word Vectors for Sentiment Analysis . In ACL. Association for Computational Linguistics , Portland, Oregon, USA , 142\u2013150. Andrew\u00a0L. Maas, Raymond\u00a0E. Daly, Peter\u00a0T. Pham, Dan Huang, A. Ng, and Christopher Potts. 2011. Learning Word Vectors for Sentiment Analysis. In ACL. Association for Computational Linguistics, Portland, Oregon, USA, 142\u2013150."},{"key":"e_1_3_2_1_27_1","volume-title":"Generating Natural Language Attacks in a Hard Label Black Box Setting","author":"Maheshwary Rishabh","unstructured":"Rishabh Maheshwary , Saket Maheshwary , and Vikram Pudi . 2021. Generating Natural Language Attacks in a Hard Label Black Box Setting . In AAAI. AAAI Press , Virtual , 13525\u201313533. Rishabh Maheshwary, Saket Maheshwary, and Vikram Pudi. 2021. Generating Natural Language Attacks in a Hard Label Black Box Setting. In AAAI. AAAI Press, Virtual, 13525\u201313533."},{"key":"e_1_3_2_1_28_1","volume-title":"A Strong Baseline for Query Efficient Attacks in a Black Box Setting","author":"Maheshwary Rishabh","unstructured":"Rishabh Maheshwary , Saket Maheshwary , and Vikram Pudi . 2021. A Strong Baseline for Query Efficient Attacks in a Black Box Setting . In EMNLP. Association for Computational Linguistics , Virtual and Punta Cana, Dominican Republic, 8396\u20138409. Rishabh Maheshwary, Saket Maheshwary, and Vikram Pudi. 2021. A Strong Baseline for Query Efficient Attacks in a Black Box Setting. In EMNLP. Association for Computational Linguistics, Virtual and Punta Cana, Dominican Republic, 8396\u20138409."},{"key":"e_1_3_2_1_29_1","volume-title":"CCS.","author":"Meng Dongyu","unstructured":"Dongyu Meng and Hao Chen . 2017. MagNet: A Two-Pronged Defense against Adversarial Examples . In CCS. Dallas, TX, USA , 135\u2013147. Dongyu Meng and Hao Chen. 2017. MagNet: A Two-Pronged Defense against Adversarial Examples. In CCS. Dallas, TX, USA, 135\u2013147."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"crossref","unstructured":"Han\u00a0Cheol Moon Shafiq\u00a0R. Joty and Xu Chi. 2022. GradMask: Gradient-Guided Token Masking for Textual Adversarial Example Detection. In KDD. Washington USA 3603\u20133613. Han\u00a0Cheol Moon Shafiq\u00a0R. Joty and Xu Chi. 2022. GradMask: Gradient-Guided Token Masking for Textual Adversarial Example Detection. In KDD. Washington USA 3603\u20133613.","DOI":"10.1145\/3534678.3539206"},{"key":"e_1_3_2_1_31_1","volume-title":"Data Augmentation, and Adversarial Training in NLP","author":"Morris X.","unstructured":"John\u00a0 X. Morris , Eli Lifland , Jin\u00a0Yong Yoo , Jake Grigsby , Di Jin , and Yanjun Qi. 2020. TextAttack: A Framework for Adversarial Attacks , Data Augmentation, and Adversarial Training in NLP . In EMNLP. Association for Computational Linguistics , Virtual , 119\u2013126. John\u00a0X. Morris, Eli Lifland, Jin\u00a0Yong Yoo, Jake Grigsby, Di Jin, and Yanjun Qi. 2020. TextAttack: A Framework for Adversarial Attacks, Data Augmentation, and Adversarial Training in NLP. In EMNLP. Association for Computational Linguistics, Virtual, 119\u2013126."},{"key":"e_1_3_2_1_32_1","volume-title":"That Is a Suspicious Reaction!\u201d: Interpreting Logits Variation to Detect NLP Adversarial Attacks","author":"Mosca Edoardo","unstructured":"Edoardo Mosca , Shreyash Agarwal , Javier Rando-Ramirez , and George\u00a0Louis Groh . 2022. \u201c That Is a Suspicious Reaction!\u201d: Interpreting Logits Variation to Detect NLP Adversarial Attacks . In ACL. Association for Computational Linguistics, Dublin , Ireland , 7806\u20137816. Edoardo Mosca, Shreyash Agarwal, Javier Rando-Ramirez, and George\u00a0Louis Groh. 2022. \u201cThat Is a Suspicious Reaction!\u201d: Interpreting Logits Variation to Detect NLP Adversarial Attacks. In ACL. Association for Computational Linguistics, Dublin, Ireland, 7806\u20137816."},{"key":"e_1_3_2_1_33_1","volume-title":"Frequency-Guided Word Substitutions for Detecting Textual Adversarial Examples","author":"Mozes Maximilian","unstructured":"Maximilian Mozes , Pontus Stenetorp , Bennett Kleinberg , and Lewis\u00a0 D. Griffin . 2021. Frequency-Guided Word Substitutions for Detecting Textual Adversarial Examples . In EACL. Association for Computational Linguistics , Virtual , 171\u2013186. Maximilian Mozes, Pontus Stenetorp, Bennett Kleinberg, and Lewis\u00a0D. Griffin. 2021. Frequency-Guided Word Substitutions for Detecting Textual Adversarial Examples. In EACL. Association for Computational Linguistics, Virtual, 171\u2013186."},{"key":"e_1_3_2_1_34_1","volume-title":"SSMBA: Self-Supervised Manifold Based Data Augmentation for Improving Out-of-Domain Robustness","author":"Ng Nathan","year":"2020","unstructured":"Nathan Ng , Kyunghyun Cho , and Marzyeh Ghassemi . 2020 . SSMBA: Self-Supervised Manifold Based Data Augmentation for Improving Out-of-Domain Robustness . In EMNLP. Association for Computational Linguistics , Virtual , 1268\u20131283. Nathan Ng, Kyunghyun Cho, and Marzyeh Ghassemi. 2020. SSMBA: Self-Supervised Manifold Based Data Augmentation for Improving Out-of-Domain Robustness. In EMNLP. Association for Computational Linguistics, Virtual, 1268\u20131283."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Dang\u00a0Minh Nguyen and Anh\u00a0Tuan Luu. 2022. Textual Manifold-based Defense Against Natural Language Adversarial Examples. In EMNLP. Abu Dhabi. Dang\u00a0Minh Nguyen and Anh\u00a0Tuan Luu. 2022. Textual Manifold-based Defense Against Natural Language Adversarial Examples. In EMNLP. Abu Dhabi.","DOI":"10.18653\/v1\/2022.emnlp-main.443"},{"key":"e_1_3_2_1_36_1","volume-title":"Combating Adversarial Misspellings with Robust Word Recognition","author":"Pruthi Danish","unstructured":"Danish Pruthi , Bhuwan Dhingra , and Zachary\u00a0Chase Lipton . 2019. Combating Adversarial Misspellings with Robust Word Recognition . In ACL. Association for Computational Linguistics , Florence, Italy , 5582\u20135591. Danish Pruthi, Bhuwan Dhingra, and Zachary\u00a0Chase Lipton. 2019. Combating Adversarial Misspellings with Robust Word Recognition. In ACL. Association for Computational Linguistics, Florence, Italy, 5582\u20135591."},{"key":"e_1_3_2_1_37_1","volume-title":"Generating Natural Language Adversarial Examples through Probability Weighted Word Saliency","author":"Ren Shuhuai","unstructured":"Shuhuai Ren , Yihe Deng , Kun He , and Wanxiang Che . 2019. Generating Natural Language Adversarial Examples through Probability Weighted Word Saliency . In ACL. Association for Computational Linguistics, Florence , Italy , 1085\u20131097. Shuhuai Ren, Yihe Deng, Kun He, and Wanxiang Che. 2019. Generating Natural Language Adversarial Examples through Probability Weighted Word Saliency. In ACL. Association for Computational Linguistics, Florence, Italy, 1085\u20131097."},{"key":"e_1_3_2_1_38_1","volume-title":"The Dimpled Manifold Model of Adversarial Examples in Machine Learning. ArXiv abs\/2106.10151","author":"Shamir Adi","year":"2021","unstructured":"Adi Shamir , Odelia Melamed , and Oriel BenShmuel . 2021. The Dimpled Manifold Model of Adversarial Examples in Machine Learning. ArXiv abs\/2106.10151 ( 2021 ). Adi Shamir, Odelia Melamed, and Oriel BenShmuel. 2021. The Dimpled Manifold Model of Adversarial Examples in Machine Learning. ArXiv abs\/2106.10151 (2021)."},{"key":"e_1_3_2_1_39_1","volume-title":"Recursive Deep Models for Semantic Compositionality Over a Sentiment Treebank","author":"Socher Richard","unstructured":"Richard Socher , Alex Perelygin , Jean Wu , Jason Chuang , Christopher\u00a0 D. Manning , A. Ng , and Christopher Potts . 2013. Recursive Deep Models for Semantic Compositionality Over a Sentiment Treebank . In EMNLP. Association for Computational Linguistics , Seattle, USA , 1631\u20131642. Richard Socher, Alex Perelygin, Jean Wu, Jason Chuang, Christopher\u00a0D. Manning, A. Ng, and Christopher Potts. 2013. Recursive Deep Models for Semantic Compositionality Over a Sentiment Treebank. In EMNLP. Association for Computational Linguistics, Seattle, USA, 1631\u20131642."},{"key":"e_1_3_2_1_40_1","unstructured":"Christian Szegedy Wojciech Zaremba Ilya Sutskever Joan Bruna D. Erhan Ian\u00a0J. Goodfellow and Rob Fergus. 2014. Intriguing properties of neural networks. In ICLR. OpenReview.net Banff AB Canada. Christian Szegedy Wojciech Zaremba Ilya Sutskever Joan Bruna D. Erhan Ian\u00a0J. Goodfellow and Rob Fergus. 2014. Intriguing properties of neural networks. In ICLR. OpenReview.net Banff AB Canada."},{"key":"e_1_3_2_1_41_1","volume-title":"A Boundary Tilting Persepective on the Phenomenon of Adversarial Examples. ArXiv abs\/1608.07690","author":"Tanay Thomas","year":"2016","unstructured":"Thomas Tanay and Lewis\u00a0 D. Griffin . 2016. A Boundary Tilting Persepective on the Phenomenon of Adversarial Examples. ArXiv abs\/1608.07690 ( 2016 ). Thomas Tanay and Lewis\u00a0D. Griffin. 2016. A Boundary Tilting Persepective on the Phenomenon of Adversarial Examples. ArXiv abs\/1608.07690 (2016)."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/TASLP.2022.3192097"},{"key":"e_1_3_2_1_43_1","volume-title":"CAT-Gen: Improving Robustness in NLP Models via Controlled Adversarial Text Generation","author":"Wang Tianlu","unstructured":"Tianlu Wang , Xuezhi Wang , Yao Qin , Ben Packer , Kang Li , Jilin Chen , Alex Beutel , and Ed\u00a0 H. Chi . 2020. CAT-Gen: Improving Robustness in NLP Models via Controlled Adversarial Text Generation . In EMNLP. Association for Computational Linguistics , Virtual , 5141\u20135146. Tianlu Wang, Xuezhi Wang, Yao Qin, Ben Packer, Kang Li, Jilin Chen, Alex Beutel, and Ed\u00a0H. Chi. 2020. CAT-Gen: Improving Robustness in NLP Models via Controlled Adversarial Text Generation. In EMNLP. Association for Computational Linguistics, Virtual, 5141\u20135146."},{"key":"e_1_3_2_1_44_1","volume-title":"Natural language adversarial defense through synonym encoding","author":"Wang Xiaosen","unstructured":"Xiaosen Wang , Hao Jin , Yichen Yang , and Kun He. 2021. Natural language adversarial defense through synonym encoding . In UAI. AUAI Press , Toronto, Canada , 823\u2013833. Xiaosen Wang, Hao Jin, Yichen Yang, and Kun He. 2021. Natural language adversarial defense through synonym encoding. In UAI. AUAI Press, Toronto, Canada, 823\u2013833."},{"key":"e_1_3_2_1_45_1","volume-title":"UAI. PMLR","author":"Wang Xiaosen","year":"2022","unstructured":"Xiaosen Wang , Yifeng Xiong , and Kun He . 2022 . Detecting textual adversarial examples through randomized substitution and vote . In UAI. PMLR , Eindhoven, Netherlands , 2056\u20132065. Xiaosen Wang, Yifeng Xiong, and Kun He. 2022. Detecting textual adversarial examples through randomized substitution and vote. In UAI. PMLR, Eindhoven, Netherlands, 2056\u20132065."},{"key":"e_1_3_2_1_46_1","volume-title":"Unsupervised Out-of-Domain Detection via Pre-trained Transformers","author":"Xu Keyang","unstructured":"Keyang Xu , Tongzheng Ren , Shikun Zhang , Yihao Feng , and Caiming Xiong . 2021. Unsupervised Out-of-Domain Detection via Pre-trained Transformers . In ACL. Association for Computational Linguistics , Virtual , 1052\u20131061. Keyang Xu, Tongzheng Ren, Shikun Zhang, Yihao Feng, and Caiming Xiong. 2021. Unsupervised Out-of-Domain Detection via Pre-trained Transformers. In ACL. Association for Computational Linguistics, Virtual, 1052\u20131061."},{"key":"e_1_3_2_1_47_1","unstructured":"Kaiwen Yang Tianyi Zhou Yonggang Zhang Xinmei Tian and Dacheng Tao. 2021. Class-Disentanglement and Applications in Adversarial Detection and Defense. Virtual 16051\u201316063. Kaiwen Yang Tianyi Zhou Yonggang Zhang Xinmei Tian and Dacheng Tao. 2021. Class-Disentanglement and Applications in Adversarial Detection and Defense. Virtual 16051\u201316063."},{"key":"e_1_3_2_1_48_1","volume-title":"SAFER: A Structure-free Approach for Certified Robustness to Adversarial Word Substitutions","author":"Ye Mao","year":"2020","unstructured":"Mao Ye , Chengyue Gong , and Qiang Liu . 2020 . SAFER: A Structure-free Approach for Certified Robustness to Adversarial Word Substitutions . In ACL. Association for Computational Linguistics , Virtual , 3465\u20133475. Mao Ye, Chengyue Gong, and Qiang Liu. 2020. SAFER: A Structure-free Approach for Certified Robustness to Adversarial Word Substitutions. In ACL. Association for Computational Linguistics, Virtual, 3465\u20133475."},{"key":"e_1_3_2_1_49_1","unstructured":"Xiang Zhang Junbo\u00a0Jake Zhao and Yann LeCun. 2015. Character-level Convolutional Networks for Text Classification. In NISP. Montreal Quebec Canada 649\u2013657. Xiang Zhang Junbo\u00a0Jake Zhao and Yann LeCun. 2015. Character-level Convolutional Networks for Text Classification. In NISP. Montreal Quebec Canada 649\u2013657."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxac080"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"crossref","unstructured":"Zhaoxi Zhang Leo\u00a0Yu Zhang Xufei Zheng Jinyu Tian and Jiantao Zhou. 2022. Self-Supervised Adversarial Example Detection by Disentangled Representation. In TrustCom. Zhaoxi Zhang Leo\u00a0Yu Zhang Xufei Zheng Jinyu Tian and Jiantao Zhou. 2022. Self-Supervised Adversarial Example Detection by Disentangled Representation. In TrustCom.","DOI":"10.1109\/TrustCom56396.2022.00137"},{"key":"e_1_3_2_1_52_1","volume-title":"Generating Natural Adversarial Examples. ArXiv abs\/1710.11342","author":"Zhao Zhengli","year":"2017","unstructured":"Zhengli Zhao , Dheeru Dua , and Sameer Singh . 2017. Generating Natural Adversarial Examples. ArXiv abs\/1710.11342 ( 2017 ). Zhengli Zhao, Dheeru Dua, and Sameer Singh. 2017. Generating Natural Adversarial Examples. ArXiv abs\/1710.11342 (2017)."},{"key":"e_1_3_2_1_53_1","volume-title":"Learning to Discriminate Perturbations for Blocking Adversarial Attacks in Text Classification","author":"Zhou Yichao","unstructured":"Yichao Zhou , Jyun-Yu Jiang , Kai-Wei Chang , and Wei Wang . 2019. Learning to Discriminate Perturbations for Blocking Adversarial Attacks in Text Classification . In EMNLP-IJCNLP. Association for Computational Linguistics , Hong Kong , China, 4904\u20134913. Yichao Zhou, Jyun-Yu Jiang, Kai-Wei Chang, and Wei Wang. 2019. Learning to Discriminate Perturbations for Blocking Adversarial Attacks in Text Classification. In EMNLP-IJCNLP. Association for Computational Linguistics, Hong Kong, China, 4904\u20134913."},{"key":"e_1_3_2_1_54_1","volume-title":"Defense against Adversarial Attacks in NLP via Dirichlet Neighborhood Ensemble","author":"Zhou Yi","unstructured":"Yi Zhou , Xiaoqing Zheng , Cho-Jui Hsieh , Kai-Wei Chang , and Xuanjing Huang . 2021. Defense against Adversarial Attacks in NLP via Dirichlet Neighborhood Ensemble . In ACL. Association for Computational Linguistics , Virtual , 5482\u20135492. Yi Zhou, Xiaoqing Zheng, Cho-Jui Hsieh, Kai-Wei Chang, and Xuanjing Huang. 2021. Defense against Adversarial Attacks in NLP via Dirichlet Neighborhood Ensemble. In ACL. Association for Computational Linguistics, Virtual, 5482\u20135492."}],"event":{"name":"ASIA CCS '23: ACM ASIA Conference on Computer and Communications Security","location":"Melbourne VIC Australia","acronym":"ASIA CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3590339","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:08:16Z","timestamp":1750183696000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3590339"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,10]]},"references-count":54,"alternative-id":["10.1145\/3579856.3590339","10.1145\/3579856"],"URL":"https:\/\/doi.org\/10.1145\/3579856.3590339","relation":{},"subject":[],"published":{"date-parts":[[2023,7,10]]},"assertion":[{"value":"2023-07-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}