부산대학교 도서관

Aiming at the problem that DNNs-based text classification systems are vulnerable to adversarial example attacks, a black-box adversarial attack method of adversarial example generation for Chinese text classification, WordDeceiver, is proposed. In this method, we use the glyph and phonetic features of Chinese characters to construct adversarial search space, determine the replacement order by word saliency and classification probability, generate adversarial examples using word substitution strategy, and design a new method to improve the semantic similarity between the adversarial examples and the original samples. The effectiveness and transferability are verified on different classification datasets using two mainstream models. The experimental results show that WordDeceiver can preserve the original semantics and grammatical correctness to some extent and can be effectively transferred to other models and cloud platforms.