{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,9,30]],"date-time":"2023-09-30T16:14:29Z","timestamp":1696090469226},"reference-count":0,"publisher":"IOS Press","isbn-type":[{"value":"9781643684369","type":"print"},{"value":"9781643684376","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,9,28]],"date-time":"2023-09-28T00:00:00Z","timestamp":1695859200000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023,9,28]]},"abstract":"<jats:p>The vulnerability of artificial intelligence has emerged as a bottleneck, with adversarial attacks posing a significant threat to natural language processing. Although multiple defense mechanisms have been proposed, they often suffer from strict constraints, weak generalization, and low scalability. To address these challenges, we propose leveraging perplexity to quantify the difference between clean and adversarial examples based on the observation of numerous cases. We then statistically prove the substantial difference between them using Bayesian hypothesis testing. Subsequently, we develop an adversarial defense framework named UMPS, which contains two branches: \u201cUncovering the Mask\u201d(UM) and \u201cPerplexity-guided Sampling\u201d(PS). UM utilizes a masked language model and Jaro-Winkler distance constraint to recover out-of-vocabulary words, while PS employs perplexity to locate the optimal sample within a convex hull which is constructed with integrated gradients. Theoretically, the proposed framework fulfills three requirements: effectiveness, universality, and portability. The experimental results demonstrate that UMPS effectively enhances the robustness of language models including BERT, against advanced attacks and outperforms three strong baseline methods. Furthermore, we conduct an instance analysis to illustrate how UMPS functions and what it outputs, an ablation study to support the validity and necessity of the two branches, and an post-hoc test on the difference in perplexity to explains the defense performance of our framework.<\/jats:p>","DOI":"10.3233\/faia230347","type":"book-chapter","created":{"date-parts":[[2023,9,29]],"date-time":"2023-09-29T09:09:47Z","timestamp":1695978587000},"source":"Crossref","is-referenced-by-count":0,"title":["Towards Trustworthy NLP: An Adversarial Robustness Enhancement Based on Perplexity Difference"],"prefix":"10.3233","author":[{"given":"Zhaocheng","family":"Ge","sequence":"first","affiliation":[{"name":"Huazhong University of Science and Technology"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hanping","family":"Hu","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tengfei","family":"Zhao","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"7437","container-title":["Frontiers in Artificial Intelligence and Applications","ECAI 2023"],"original-title":[],"link":[{"URL":"https:\/\/ebooks.iospress.nl\/pdf\/doi\/10.3233\/FAIA230347","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,29]],"date-time":"2023-09-29T09:09:48Z","timestamp":1695978588000},"score":1,"resource":{"primary":{"URL":"https:\/\/ebooks.iospress.nl\/doi\/10.3233\/FAIA230347"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,9,28]]},"ISBN":["9781643684369","9781643684376"],"references-count":0,"URL":"https:\/\/doi.org\/10.3233\/faia230347","relation":{},"ISSN":["0922-6389","1879-8314"],"issn-type":[{"value":"0922-6389","type":"print"},{"value":"1879-8314","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,9,28]]}}}