ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2021, Vol. 58 ›› Issue (8): 1727-1750.doi: 10.7544/issn1000-1239.2021.20210304

Special Issue: 2021人工智能前沿进展专题

Previous Articles     Next Articles

Survey of Adversarial Attack, Defense and Robustness Analysis for Natural Language Processing

Zheng Haibin1, Chen Jinyin1,2, Zhang Yan1, Zhang Xuhong3, Ge Chunpeng4, Liu Zhe4, Ouyang Yike5, Ji Shouling6   

  1. 1(College of Information Engineering, Zhejiang University of Technology, Hangzhou 310023);2(Cyberspace Security Research Institute, Zhejiang University of Technology, Hangzhou 310023);3(College of Control Science and Engineering, Zhejiang University, Hangzhou 310063);4(College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106);5(Nanjing Research Center, Huawei Technologies Co., Ltd., Nanjing 210029);6(College of Computer Science and Technology, Zhejiang University, Hangzhou 310063)
  • Online:2021-08-01
  • Supported by: 
    This work was supported by the National Natural Science Foundation of China (62072406), the Natural Science Foundation of Zhejiang Province (LY19F020025), and the Major Special Funding for “Science and Technology Innovation 2025” in Ningbo (2018B10063).

Abstract: With the rapid development of artificial intelligence, deep neural networks have been widely applied in the fields of computer vision, signal analysis, and natural language processing. It helps machines process understand and use human language through functions such as syntax analysis, semantic analysis, and text comprehension. However, existing studies have shown that deep models are vulnerable to the attacks from adversarial texts. Adding imperceptible adversarial perturbations to normal texts, natural language processing models can make wrong predictions. To improve the robustness of the natural language processing model, defense-related researches have also developed in recent years. Based on the existing researches, we comprehensively detail related works in the field of adversarial attacks, defenses, and robustness analysis in natural language processing tasks. Specifically, we first introduce the research tasks and related natural language processing models. Then, attack and defense approaches are stated separately. The certified robustness analysis and benchmark datasets of natural language processing models are further investigated and a detailed introduction of natural language processing application platforms and toolkits is provided. Finally, we summarize the development direction of research on attacks and defenses in the future.

Key words: deep neural network, natural language processing, adversarial attack, defense, robustness

CLC Number: