Zheng Haibin, Chen Jinyin, Zhang Yan, Zhang Xuhong, Ge Chunpeng, Liu Zhe, Ouyang Yike, Ji Shouling. Survey of Adversarial Attack, Defense and Robustness Analysis for Natural Language Processing[J]. Journal of Computer Research and Development, 2021, 58(8): 1727-1750. DOI: 10.7544/issn1000-1239.2021.20210304

Survey of Adversarial Attack, Defense and Robustness Analysis for Natural Language Processing

Funds: This work was supported by the National Natural Science Foundation of China (62072406), the Natural Science Foundation of Zhejiang Province (LY19F020025), and the Major Special Funding for “Science and Technology Innovation 2025” in Ningbo (2018B10063).
  • Published Date: July 31, 2021
  • With the rapid development of artificial intelligence, deep neural networks have been widely applied in computer vision, signal analysis, and natural language processing. Natural language processing helps machines process, understand, and use human language through functions such as syntax analysis, semantic analysis, and text comprehension. However, existing studies have shown that deep models are vulnerable to attacks using adversarial texts: when imperceptible adversarial perturbations are added to normal texts, natural language processing models can make wrong predictions. To improve the robustness of natural language processing models, defense-related research has also developed in recent years. Based on existing research, we comprehensively detail related work on adversarial attacks, defenses, and robustness analysis in natural language processing tasks. Specifically, we first introduce the research tasks and related natural language processing models. Then, attack and defense approaches are presented separately. The certified robustness analysis and benchmark datasets of natural language processing models are further investigated, and a detailed introduction to natural language processing application platforms and toolkits is provided. Finally, we summarize future development directions for research on attacks and defenses.