An Improved Generation Method of Adversarial Example to Deceive NLP Deep Learning Classifiers

Deep learning has been developed rapidly and widely used over the last decade. However, the concepts of adversarial example and adversarial attack are proposed, that is, adding some perturbations to the input of a deep learning model could easily change the prediction result. Deep learning-based NLP (natural language processing) classification algorithms also have this vulnerability. DeepWordBug algorithm is an advanced algorithm for generating adversarial examples, which can effectively deceive common NLP classification models. However, this algorithm needs to modify too many words to cheat NLP classification models, which limits its applications. In response to the shortcomings of DeepWordBug algorithm, this paper proposes an improving method to improve DeepWordBug. Drawing on the idea of Textfooler algorithm, the improved DeepWordBug adopts the method of dynamically adjusting the number of modified words, limits the maximum number of modified words. The new algorithm greatly reduces the number of words that need to be modified while ensuring the accuracy of NLP classification models as around 30%. It also ensures better practicality while maintaining transferability.