Efficient text-based evolution algorithm to hard-label adversarial attacks on text

Deep neural networks that play a pivotal role in fields such as images, text, and audio are vulnerable to adversarial attacks. In current textual adversarial attacks, the vast majority are configured with a black-box soft-label which is achieved by the gradient information or confidence of the model...

Full description

Saved in:
Bibliographic Details
Published inJournal of King Saud University. Computer and information sciences Vol. 35; no. 5; p. 101539
Main Authors Peng, Hao, Wang, Zhe, Zhao, Dandan, Wu, Yiming, Han, Jianming, Guo, Shixin, Ji, Shouling, Zhong, Ming
Format Journal Article
LanguageEnglish
Published Elsevier B.V 01.05.2023
Springer
Subjects
Adversarial attack
Black-box attack
Hard-label
Language model
Machine learning
Natural language processing
Natural language processing
Black-box attack
Language model
Adversarial attack
Hard-label
Machine learning
Online AccessGet full text

Cover

Abstract Deep neural networks that play a pivotal role in fields such as images, text, and audio are vulnerable to adversarial attacks. In current textual adversarial attacks, the vast majority are configured with a black-box soft-label which is achieved by the gradient information or confidence of the model. Therefore, it becomes challenging and realistic to implement adversarial attacks using only the predicted top labels of the hard-label model. Existing methods to implement hard-label adversarial attacks use population-based genetic optimization algorithms. However, this approach requires significant query consumption, which is a considerable shortcoming. To solve this problem, we propose a new textual black-box hard-label adversarial attack algorithm based on the idea of differential evolution of populations, called the text-based differential evolution (TDE) algorithm. First, the method will judge the importance of the words of the initial rough adversarial examples, according to which only the keywords in the text sentence will be operated, and the rest of the words will be gradually replaced with the original words so as to reduce the words in the sentence in which the replacement occurs. Our method judges the quality of semantic similarity of the adversarial examples in the replacement process and deposits high-quality adversarial example individuals into the population. Secondly, the optimization process of adversarial examples is combined and optimized according to the word importance. Compared with existing methods based on genetic algorithm guidance, our method avoids a large number of meaningless repetitive queries and significantly improves the overall attack efficiency of the algorithm and the semantic quality of the generated adversarial examples. We experimented with multiple datasets on three text tasks of sentiment classification, natural language inference, and toxic comment, and also perform experimental comparisons on models and APIs in realistic scenarios. For example, in the Google Cloud commercial API adversarial attack experiment, compared to the existing hard-label method, our method reduces the average number of queries required for the attack from 6986 to 176, and increases semantic similarity from 0.844 to 0.876. It is shown through extensive experimental data that our approach not only significantly reduces the number of queries, but also significantly outperforms existing methods in terms of the quality of adversarial examples.
AbstractList Deep neural networks that play a pivotal role in fields such as images, text, and audio are vulnerable to adversarial attacks. In current textual adversarial attacks, the vast majority are configured with a black-box soft-label which is achieved by the gradient information or confidence of the model. Therefore, it becomes challenging and realistic to implement adversarial attacks using only the predicted top labels of the hard-label model. Existing methods to implement hard-label adversarial attacks use population-based genetic optimization algorithms. However, this approach requires significant query consumption, which is a considerable shortcoming. To solve this problem, we propose a new textual black-box hard-label adversarial attack algorithm based on the idea of differential evolution of populations, called the text-based differential evolution (TDE) algorithm. First, the method will judge the importance of the words of the initial rough adversarial examples, according to which only the keywords in the text sentence will be operated, and the rest of the words will be gradually replaced with the original words so as to reduce the words in the sentence in which the replacement occurs. Our method judges the quality of semantic similarity of the adversarial examples in the replacement process and deposits high-quality adversarial example individuals into the population. Secondly, the optimization process of adversarial examples is combined and optimized according to the word importance. Compared with existing methods based on genetic algorithm guidance, our method avoids a large number of meaningless repetitive queries and significantly improves the overall attack efficiency of the algorithm and the semantic quality of the generated adversarial examples. We experimented with multiple datasets on three text tasks of sentiment classification, natural language inference, and toxic comment, and also perform experimental comparisons on models and APIs in realistic scenarios. For example, in the Google Cloud commercial API adversarial attack experiment, compared to the existing hard-label method, our method reduces the average number of queries required for the attack from 6986 to 176, and increases semantic similarity from 0.844 to 0.876. It is shown through extensive experimental data that our approach not only significantly reduces the number of queries, but also significantly outperforms existing methods in terms of the quality of adversarial examples.
ArticleNumber 101539
Author Wang, Zhe
Peng, Hao
Han, Jianming
Wu, Yiming
Zhao, Dandan
Zhong, Ming
Guo, Shixin
Ji, Shouling
Author_xml – sequence: 1
  givenname: Hao
  surname: Peng
  fullname: Peng, Hao
  organization: College of Computer Science and Technology, Zhejiang Normal University, Jinhua 321004, China
– sequence: 2
  givenname: Zhe
  surname: Wang
  fullname: Wang, Zhe
  organization: College of Computer Science and Technology, Zhejiang Normal University, Jinhua 321004, China
– sequence: 3
  givenname: Dandan
  surname: Zhao
  fullname: Zhao, Dandan
  organization: College of Computer Science and Technology, Zhejiang Normal University, Jinhua 321004, China
– sequence: 4
  givenname: Yiming
  surname: Wu
  fullname: Wu, Yiming
  organization: Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou, Zhejiang 310027, China
– sequence: 5
  givenname: Jianming
  surname: Han
  fullname: Han, Jianming
  organization: College of Computer Science and Technology, Zhejiang Normal University, Jinhua 321004, China
– sequence: 6
  givenname: Shixin
  surname: Guo
  fullname: Guo, Shixin
  organization: College of Computer Science and Technology, Zhejiang Normal University, Jinhua 321004, China
– sequence: 7
  givenname: Shouling
  surname: Ji
  fullname: Ji, Shouling
  organization: College of Computer Science and Technology, Zhejiang University, Hangzhou, Zhejiang 310027, China
– sequence: 8
  givenname: Ming
  orcidid: 0000-0002-9132-3782
  surname: Zhong
  fullname: Zhong, Ming
  email: zhongming@zjnu.edu.cn
  organization: College of Computer Science and Technology, Zhejiang Normal University, Jinhua 321004, China
BookMark eNp9kF1LHTEQhoNY6Kn1H_Ri_8Ce5muzmxtBxC8QCqW9DpNkolnXE0niQf-9WY_0svDCDMPMwzvvN3K8Szsk5AejW0aZ-jlv58fy4uKWUy62tImNR2TDORM943I6JhsmmO7ZME5fyWkpM6VtRQ1SqA35fRlCdBF3tav4WnsLBX2H-7S81Jh2HSz3Kcf68NTV1D1A9v0CFpcO_B5zgRyh9bWCeyxdW18Z38mXAEvB0896Qv5eXf65uOnvfl3fXpzf9U6osfbByyEoJT3nWtnJUtAgYbDW2UH5EKZRSidZkEGKYXRcy5FphPbRgMriKE7I7YHrE8zmOccnyG8mQTQfg5TvDeQa3YKGB0uF5opq6aX1wySspUGjDC5YrUVjyQPL5VRKxvCPx6hZYzazOcRs1pgNbWKrhbPDGbY_9xGzKWuWDn3M6GozEv8PeAcqW4rD
Cites_doi 10.1016/j.cose.2022.102695
10.1007/s10462-016-9486-6
10.3115/1225403.1225421
10.1016/j.neunet.2014.09.003
10.18653/v1/2022.naacl-main.339
10.1162/neco.1997.9.8.1735
10.1109/ICIP46576.2022.9897705
10.18653/v1/2022.findings-naacl.14
10.18653/v1/2021.emnlp-demo.21
10.1109/MNET.011.1900472
10.18653/v1/D15-1075
10.1016/j.cose.2022.102730
10.2528/PIERB09011308
10.1162/tacl_a_00290
10.1609/aaai.v34i05.6311
10.18653/v1/2020.emnlp-demos.16
10.1016/j.aeue.2022.154478
10.1016/j.cose.2022.102694
10.1109/TEVC.2010.2059031
10.18653/v1/2021.emnlp-main.661
10.3115/1118693.1118704
10.18653/v1/2020.emnlp-main.498
10.18653/v1/N18-1101
10.18653/v1/W18-2501
10.1609/aaai.v35i15.17595
10.1016/j.neucom.2022.04.020
10.18653/v1/D18-2029
10.18653/v1/P18-2006
10.18653/v1/2020.acl-main.540
10.3115/v1/D14-1181
10.24963/ijcai.2018/585
10.14722/ndss.2019.23138
10.18653/v1/D18-1316
10.18653/v1/2020.emnlp-main.500
10.3115/1219840.1219855
10.18653/v1/P19-1103
ContentType Journal Article
Copyright 2023 The Authors
Copyright_xml – notice: 2023 The Authors
DBID 6I.
AAFTH
AAYXX
CITATION
DOA
DOI 10.1016/j.jksuci.2023.03.017
DatabaseName ScienceDirect Open Access Titles
Elsevier:ScienceDirect:Open Access
CrossRef
DOAJ Directory of Open Access Journals
DatabaseTitle CrossRef
DatabaseTitleList

Database_xml – sequence: 1
  dbid: DOA
  name: DOAJ Directory of Open Access Journals
  url: https://www.doaj.org/
  sourceTypes: Open Website
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
EISSN 2213-1248
ExternalDocumentID oai_doaj_org_article_2fb03926094d4bd583bb0f9e4fcfb993
10_1016_j_jksuci_2023_03_017
S131915782300085X
GroupedDBID --K
0R~
0SF
4.4
457
5VS
6I.
AACTN
AAEDT
AAEDW
AAFTH
AAIKJ
AALRI
AAQXK
AAXUO
ABMAC
ACGFS
ADBBV
ADEZE
AEXQZ
AFTJW
AGHFR
AITUG
ALMA_UNASSIGNED_HOLDINGS
AMRAJ
ASPBG
AVWKF
AZFZN
BCNDV
EBS
EJD
FDB
FEDTE
FGOYB
GROUPED_DOAJ
HVGLF
HZ~
IPNFZ
IXB
KQ8
M41
NCXOZ
O-L
O9-
OK1
R2-
RIG
ROL
SES
SSZ
XH2
AAJSJ
AASML
AAYWO
AAYXX
ABEEZ
ABWVN
ACULB
ADVLN
AFGXO
AFJKZ
AGQPQ
APXCP
C6C
CITATION
SOJ
ID FETCH-LOGICAL-c367t-fd45f664d2296b8b0a9a4a5bbcb56dff8744c41f4f4357c294719ea2485e6be73
IEDL.DBID DOA
ISSN 1319-1578
IngestDate Wed Aug 27 01:31:11 EDT 2025
Tue Jul 01 04:25:22 EDT 2025
Fri Feb 23 02:35:35 EST 2024
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Issue 5
Keywords Natural language processing
Black-box attack
Language model
Adversarial attack
Hard-label
Machine learning
Language English
License This is an open access article under the CC BY-NC-ND license.
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c367t-fd45f664d2296b8b0a9a4a5bbcb56dff8744c41f4f4357c294719ea2485e6be73
ORCID 0000-0002-9132-3782
OpenAccessLink https://doaj.org/article/2fb03926094d4bd583bb0f9e4fcfb993
ParticipantIDs doaj_primary_oai_doaj_org_article_2fb03926094d4bd583bb0f9e4fcfb993
crossref_primary_10_1016_j_jksuci_2023_03_017
elsevier_sciencedirect_doi_10_1016_j_jksuci_2023_03_017
ProviderPackageCode CITATION
AAYXX
PublicationCentury 2000
PublicationDate May 2023
2023-05-00
2023-05-01
PublicationDateYYYYMMDD 2023-05-01
PublicationDate_xml – month: 05
  year: 2023
  text: May 2023
PublicationDecade 2020
PublicationTitle Journal of King Saud University. Computer and information sciences
PublicationYear 2023
Publisher Elsevier B.V
Springer
Publisher_xml – name: Elsevier B.V
– name: Springer
References Maheshwary, R., Maheshwary, S., Pudi, V., 2021b. A strong baseline for query efficient attacks in a black box setting. arXiv preprint arXiv:2109.04775.
Ji, Du, Li, Shen, Li (b0085) 2020; 32
Maas, A., Daly, R.E., Pham, P.T., Huang, D., Ng, A.Y., Potts, C., 2011. Learning word vectors for sentiment analysis. In: Proceedings of the 49th Annual Meeting of the Association for Computational Linguistics: Human Language Technologies, pp. 142–150.
Maheshwary, R., Maheshwary, S., Pudi, V., 2021a. Generating natural language attacks in a hard label black box setting. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 35, pp. 13525–13533.
Radford, Wu, Child, Luan, Amodei, Sutskever (b0205) 2019; 1
Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., Fergus, R., 2013. Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199.
Socher, R., Perelygin, A., Wu, J., Chuang, J., Manning, C.D., Ng, A.Y., Potts, C., 2013. Recursive deep models for semantic compositionality over a sentiment treebank. In: Proceedings of the 2013 Conference on Empirical Methods in Natural Language Processing, pp. 1631–1642.
Lan, Z., Chen, M., Goodman, S., Gimpel, K., Sharma, P., Soricut, R., 2019. Albert: A lite bert for self-supervised learning of language representations. arXiv preprint arXiv:1909.11942.
Ren, S., Deng, Y., He, K., Che, W., 2019. Generating natural language adversarial examples through probability weighted word saliency. In: Proceedings of the 57th Annual Meeting of the Association for Computational Linguistics, pp. 1085–1097.
Schmidhuber (b0230) 2015; 61
Wang, D., Lin, J., Wang, Y.-G., 2022b. Query-efficient adversarial attack based on latin hypercube sampling. In: 2022 IEEE International Conference on Image Processing (ICIP), pp. 546–550.
Hosseini, H., Kannan, S., Zhang, B., Poovendran, R., 2017. Deceiving google’s perspective api built for detecting toxic comments. arXiv preprint arXiv:1702.08138.
Garg, S., Ramakrishnan, G., 2020. Bae: Bert-based adversarial examples for text classification. arXiv preprint arXiv:2004.01970.
Kim, Y., 2014. Convolutional neural networks for sentence classification. In: Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP), Doha, Qatar. Association for Computational Linguistics. pp. 1746–1751.
Gao, Lanchantin, Soffa, Qi (b0050) 2018
Shao, Zhang, Yang, Li, Liu (b0235) 2022; 118
Alzantot, M., Sharma, Y., Elgohary, A., Ho, B.-J., Srivastava, M., and Chang, K.-W., 2018. Generating natural language adversarial examples. arXiv preprint arXiv:1804.07998.
Lhoest, Q., Villanova del Moral, A., Jernite, Y., Thakur, A., von Platen, P., Patil, S., Chaumond, J., Drame, M., Plu, J., Tunstall, L., Davison, J., Šaško, M., Chhablani, G., Malik, B., Brandeis, S., Le Scao, T., Sanh, V., Xu, C., Patry, N., McMillan-Major, A., Schmid, P., Gugger, S., Delangue, C., Matussière, T., Debut, L., Bekman, S., Cistac, P., Goehringer, T., Mustar, V., Lagunas, F., Rush, A., Wolf, T., 2021. Datasets: A community library for natural language processing. In: Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing: System Demonstrations, Online and Punta Cana, Dominican Republic. Association for Computational Linguistics. pp. 175–184.
Zhang, Sheng, Alhazmi, Li (b0300) 2020; 11
Liu, Y., Ott, M., Goyal, N., Du, J., Joshi, M., Chen, D., Levy, O., Lewis, M., Zettlemoyer, L., Stoyanov, V., 2019. Roberta: A robustly optimized bert pretraining approach. arXiv preprint arXiv:1907.11692.
Wang, B., Xu, C., Liu, X., Cheng, Y., Li, B., 2022a. SemAttack: Natural Textual Attacks via Different Semantic Spaces. arXiv preprint arXiv:2205.01287.
Wang, X., Wang, H., Yang, D., 2021. Measure and Improve Robustness in NLP Models: A Survey. arXiv preprint arXiv:2112.08313.
Li, J., Ji, S., Du, T., Li, B., Wang, T., 2018. Textbugger: Generating adversarial text against real-world applications. arXiv preprint arXiv:1812.05271.
Jin, D., Jin, Z., Zhou, J.T., Szolovits, P., 2020. Is bert really robust? a strong baseline for natural language attack on text classification and entailment. In: Proceedings of the AAAI conference on artificial intelligence, vol. 34, pp. 8018–8025.
Ebrahimi, J., Rao, A., Lowd, D., Dou, D., 2017. Hotflip: White-box adversarial examples for text classification. arXiv preprint arXiv:1712.06751.
Panduro, Brizuela, Balderas, Acosta (b0175) 2009; 13
Bowman, S.R., Angeli, G., Potts, C., Manning, C.D., 2015. A large annotated corpus for learning natural language inference. arXiv preprint arXiv:1508.05326.
Kwon, Lee (b0110) 2022; 117
Xu, Wu, Liu, Liu (b0285) 2020; 34
Goodfellow, I.J., Shlens, J., Szegedy, C., 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572.
Gong, Z., Wang, W., Li, B., Song, D., Ku, W.-S., 2018. Adversarial texts with gradient methods. arXiv preprint arXiv:1801.07175.
Liang, B., Li, H., Su, M., Bian, P., Li, X., Shi, W., 2017. Deep text classification can be fooled. arXiv preprint arXiv:1704.08006.
Zhang, X., Zhao, J., LeCun, Y., 2015. Character-level convolutional networks for text classification. Adv. Neural Informat. Process. Syst. 28.
Cer, D., Yang, Y., Kong, S.-Y., Hua, N., Limtiaco, N., John, R.S., Constant, N., Guajardo-Cespedes, M., Yuan, S., Tar, C., et al., 2018. Universal sentence encoder. arXiv preprint arXiv:1803.11175.
Pang, B., Lee, L., 2005. Seeing stars: Exploiting class relationships for sentiment categorization with respect to rating scales. arXiv preprint cs/0506075.
Devlin, J., Chang, M.-W., Lee, K., Toutanova, K., 2018. Bert: Pre-training of deep bidirectional transformers for language understanding. arXiv preprint arXiv:1810.04805.
Alatas, Bingol (b0010) 2020; 28
Morris, J., Lifland, E., Yoo, J.Y., Grigsby, J., Jin, D., Qi, Y., 2020. TextAttack: A framework for adversarial attacks, data augmentation, and adversarial training in nlp. In: Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing: System Demonstrations, pp. 119–126.
Das, Suganthan (b0035) 2010; 15
Qin, Yue (b0195) 2022; 117
Williams, A., Nangia, N., Bowman, S.R., 2017. A broad-coverage challenge corpus for sentence understanding through inference. arXiv preprint arXiv:1704.05426.
Wang, W., Wang, R., Wang, L., Wang, Z., Ye, A., 2019. Towards a robust deep neural network in texts: A survey. arXiv preprint arXiv:1902.07285.
Joulin, A., Grave, E., Bojanowski, P., Douze, M., Jégou, H., Mikolov, T., 2016. Fasttext.zip: Compressing text classification models. arXiv preprint arXiv:1612.03651.
Bird, S., 2006. NLTK: the natural language toolkit. In: Proceedings of the COLING/ACL 2006 Interactive Presentation Sessions, pp. 69–72.
Pang, B., Lee, L., Vaithyanathan, S., 2002. Thumbs up? sentiment classification using machine learning techniques. arXiv preprint cs/0205070.
Saxena, S., 2020. Textdecepter: Hard label black box attack on text classifiers. arXiv preprint arXiv:2008.06860.
Papernot, McDaniel, Swami, Harang (b0190) 2016
Li, L., Ma, R., Guo, Q., Xue, X., Qiu, X., 2020. Bert-attack: Adversarial attack against bert using bert. arXiv preprint arXiv:2004.09984.
Qiu, Liu, Zhou, Huang (b0200) 2022; 492
Sanh, V., Debut, L., Chaumond, J., Wolf, T., 2019. Distilbert a distilled version of bert: smaller, faster, cheaper and lighter. arXiv preprint arXiv:1910.01108, year=2019.
Hochreiter, Schmidhuber (b0075) 1997; 9
Samanta, S., Mehta, S., 2017. Towards crafting text adversarial samples. arXiv preprint arXiv:1707.02812.
Karaboğa, Ökdem (b0100) 2004; 12
Lee, Moon, Lee, Song (b0120) 2022
Xu, Xu, An, Nielsen, Shen (b0290) 2023; 159
Gardner, M., Grus, J., Neumann, M., Tafjord, O., Dasigi, P., Liu, N., Peters, M., Schmitz, M., Zettlemoyer, L., 2018. Allennlp: A deep semantic natural language processing platform. arXiv preprint arXiv:1803.07640.
Vesterstrom, J., Thomsen, R., 2004. A comparative study of differential evolution, particle swarm optimization, and evolutionary algorithms on numerical benchmark problems. In: Proceedings of the 2004 Congress on Evolutionary Computation (IEEE Cat. No. 04TH8753), vol. 2, IEEE. pp. 1980–1987.
Zang, Y., Qi, F., Yang, C., Liu, Z., Zhang, M., Liu, Q., Sun, M., 2019. Word-level textual adversarial attacking as combinatorial optimization. arXiv preprint arXiv:1910.12196.
Lei, Wu, Chen, Dimakis, Dhillon, Witbrock (b0125) 2019; 1
Akyol, Alatas (b0005) 2017; 47
Warstadt, Singh, Bowman (b0275) 2019; 7
Warstadt (10.1016/j.jksuci.2023.03.017_b0275) 2019; 7
Panduro (10.1016/j.jksuci.2023.03.017_b0175) 2009; 13
Ji (10.1016/j.jksuci.2023.03.017_b0085) 2020; 32
10.1016/j.jksuci.2023.03.017_b0260
10.1016/j.jksuci.2023.03.017_b0140
10.1016/j.jksuci.2023.03.017_b0020
10.1016/j.jksuci.2023.03.017_b0185
10.1016/j.jksuci.2023.03.017_b0065
Papernot (10.1016/j.jksuci.2023.03.017_b0190) 2016
10.1016/j.jksuci.2023.03.017_b0180
10.1016/j.jksuci.2023.03.017_b0060
10.1016/j.jksuci.2023.03.017_b0225
10.1016/j.jksuci.2023.03.017_b0105
Xu (10.1016/j.jksuci.2023.03.017_b0290) 2023; 159
10.1016/j.jksuci.2023.03.017_b0220
10.1016/j.jksuci.2023.03.017_b0265
10.1016/j.jksuci.2023.03.017_b0145
10.1016/j.jksuci.2023.03.017_b0025
Qin (10.1016/j.jksuci.2023.03.017_b0195) 2022; 117
Zhang (10.1016/j.jksuci.2023.03.017_b0300) 2020; 11
10.1016/j.jksuci.2023.03.017_b0305
10.1016/j.jksuci.2023.03.017_b0150
10.1016/j.jksuci.2023.03.017_b0030
Alatas (10.1016/j.jksuci.2023.03.017_b0010) 2020; 28
10.1016/j.jksuci.2023.03.017_b0070
10.1016/j.jksuci.2023.03.017_b0270
Gao (10.1016/j.jksuci.2023.03.017_b0050) 2018
10.1016/j.jksuci.2023.03.017_b0115
Schmidhuber (10.1016/j.jksuci.2023.03.017_b0230) 2015; 61
10.1016/j.jksuci.2023.03.017_b0155
Radford (10.1016/j.jksuci.2023.03.017_b0205) 2019; 1
Lei (10.1016/j.jksuci.2023.03.017_b0125) 2019; 1
Das (10.1016/j.jksuci.2023.03.017_b0035) 2010; 15
10.1016/j.jksuci.2023.03.017_b0040
Karaboğa (10.1016/j.jksuci.2023.03.017_b0100) 2004; 12
Kwon (10.1016/j.jksuci.2023.03.017_b0110) 2022; 117
10.1016/j.jksuci.2023.03.017_b0240
10.1016/j.jksuci.2023.03.017_b0080
10.1016/j.jksuci.2023.03.017_b0280
10.1016/j.jksuci.2023.03.017_b0160
Shao (10.1016/j.jksuci.2023.03.017_b0235) 2022; 118
10.1016/j.jksuci.2023.03.017_b0165
10.1016/j.jksuci.2023.03.017_b0045
Lee (10.1016/j.jksuci.2023.03.017_b0120) 2022
10.1016/j.jksuci.2023.03.017_b0245
Hochreiter (10.1016/j.jksuci.2023.03.017_b0075) 1997; 9
Xu (10.1016/j.jksuci.2023.03.017_b0285) 2020; 34
Akyol (10.1016/j.jksuci.2023.03.017_b0005) 2017; 47
10.1016/j.jksuci.2023.03.017_b0090
Qiu (10.1016/j.jksuci.2023.03.017_b0200) 2022; 492
10.1016/j.jksuci.2023.03.017_b0095
10.1016/j.jksuci.2023.03.017_b0250
10.1016/j.jksuci.2023.03.017_b0130
10.1016/j.jksuci.2023.03.017_b0295
10.1016/j.jksuci.2023.03.017_b0170
10.1016/j.jksuci.2023.03.017_b0015
10.1016/j.jksuci.2023.03.017_b0215
10.1016/j.jksuci.2023.03.017_b0055
10.1016/j.jksuci.2023.03.017_b0210
10.1016/j.jksuci.2023.03.017_b0255
10.1016/j.jksuci.2023.03.017_b0135
References_xml – reference: Li, L., Ma, R., Guo, Q., Xue, X., Qiu, X., 2020. Bert-attack: Adversarial attack against bert using bert. arXiv preprint arXiv:2004.09984.
– volume: 13
  start-page: 171
  year: 2009
  end-page: 186
  ident: b0175
  article-title: A comparison of genetic algorithms, particle swarm optimization and the differential evolution method for the design of scannable circular antenna arrays
  publication-title: Progress Electromagnet. Res. B
– reference: Vesterstrom, J., Thomsen, R., 2004. A comparative study of differential evolution, particle swarm optimization, and evolutionary algorithms on numerical benchmark problems. In: Proceedings of the 2004 Congress on Evolutionary Computation (IEEE Cat. No. 04TH8753), vol. 2, IEEE. pp. 1980–1987.
– reference: Wang, B., Xu, C., Liu, X., Cheng, Y., Li, B., 2022a. SemAttack: Natural Textual Attacks via Different Semantic Spaces. arXiv preprint arXiv:2205.01287.
– reference: Gong, Z., Wang, W., Li, B., Song, D., Ku, W.-S., 2018. Adversarial texts with gradient methods. arXiv preprint arXiv:1801.07175.
– reference: Lan, Z., Chen, M., Goodman, S., Gimpel, K., Sharma, P., Soricut, R., 2019. Albert: A lite bert for self-supervised learning of language representations. arXiv preprint arXiv:1909.11942.
– reference: Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., Fergus, R., 2013. Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199.
– reference: Liang, B., Li, H., Su, M., Bian, P., Li, X., Shi, W., 2017. Deep text classification can be fooled. arXiv preprint arXiv:1704.08006.
– reference: Wang, W., Wang, R., Wang, L., Wang, Z., Ye, A., 2019. Towards a robust deep neural network in texts: A survey. arXiv preprint arXiv:1902.07285.
– reference: Ren, S., Deng, Y., He, K., Che, W., 2019. Generating natural language adversarial examples through probability weighted word saliency. In: Proceedings of the 57th Annual Meeting of the Association for Computational Linguistics, pp. 1085–1097.
– reference: Pang, B., Lee, L., Vaithyanathan, S., 2002. Thumbs up? sentiment classification using machine learning techniques. arXiv preprint cs/0205070.
– start-page: 50
  year: 2018
  end-page: 56
  ident: b0050
  article-title: Black-box generation of adversarial text sequences to evade deep learning classifiers
  publication-title: 2018 IEEE Security and Privacy Workshops (SPW)
– volume: 1
  start-page: 146
  year: 2019
  end-page: 165
  ident: b0125
  article-title: Discrete adversarial attacks and submodular optimization with applications to text classification
  publication-title: Proc. Mach. Learn. Syst.
– reference: Goodfellow, I.J., Shlens, J., Szegedy, C., 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572.
– reference: Bird, S., 2006. NLTK: the natural language toolkit. In: Proceedings of the COLING/ACL 2006 Interactive Presentation Sessions, pp. 69–72.
– reference: Cer, D., Yang, Y., Kong, S.-Y., Hua, N., Limtiaco, N., John, R.S., Constant, N., Guajardo-Cespedes, M., Yuan, S., Tar, C., et al., 2018. Universal sentence encoder. arXiv preprint arXiv:1803.11175.
– reference: Socher, R., Perelygin, A., Wu, J., Chuang, J., Manning, C.D., Ng, A.Y., Potts, C., 2013. Recursive deep models for semantic compositionality over a sentiment treebank. In: Proceedings of the 2013 Conference on Empirical Methods in Natural Language Processing, pp. 1631–1642.
– volume: 15
  start-page: 4
  year: 2010
  end-page: 31
  ident: b0035
  article-title: Differential evolution: A survey of the state-of-the-art
  publication-title: IEEE Trans. Evol. Comput.
– reference: Hosseini, H., Kannan, S., Zhang, B., Poovendran, R., 2017. Deceiving google’s perspective api built for detecting toxic comments. arXiv preprint arXiv:1702.08138.
– start-page: 49
  year: 2016
  end-page: 54
  ident: b0190
  article-title: Crafting adversarial input sequences for recurrent neural networks
  publication-title: MILCOM 2016–2016 IEEE Military Communications Conference
– volume: 118
  start-page: 102730
  year: 2022
  ident: b0235
  article-title: The triggers that open the NLP model backdoors are hidden in the adversarial samples
  publication-title: Comput. Sec.
– reference: Devlin, J., Chang, M.-W., Lee, K., Toutanova, K., 2018. Bert: Pre-training of deep bidirectional transformers for language understanding. arXiv preprint arXiv:1810.04805.
– reference: Gardner, M., Grus, J., Neumann, M., Tafjord, O., Dasigi, P., Liu, N., Peters, M., Schmitz, M., Zettlemoyer, L., 2018. Allennlp: A deep semantic natural language processing platform. arXiv preprint arXiv:1803.07640.
– reference: Wang, X., Wang, H., Yang, D., 2021. Measure and Improve Robustness in NLP Models: A Survey. arXiv preprint arXiv:2112.08313.
– reference: Alzantot, M., Sharma, Y., Elgohary, A., Ho, B.-J., Srivastava, M., and Chang, K.-W., 2018. Generating natural language adversarial examples. arXiv preprint arXiv:1804.07998.
– volume: 159
  start-page: 154478
  year: 2023
  ident: b0290
  article-title: Adversarial attacks and active defense on deep learning based identification of GaN power amplifiers under physical perturbation
  publication-title: AEU-Int. J. Electron. Commun.
– volume: 34
  start-page: 42
  year: 2020
  end-page: 48
  ident: b0285
  article-title: A community detection method based on local optimization in social networks
  publication-title: Ieee Network
– volume: 117
  start-page: 102694
  year: 2022
  ident: b0195
  article-title: Fuzzing-based hard-label black-box attacks against machine learning models
  publication-title: Comput. Sec.
– volume: 12
  start-page: 53
  year: 2004
  end-page: 60
  ident: b0100
  article-title: A simple and global optimization algorithm for engineering problems: differential evolution algorithm
  publication-title: Turkish J. Electr. Eng. Comput. Sci.
– reference: Zhang, X., Zhao, J., LeCun, Y., 2015. Character-level convolutional networks for text classification. Adv. Neural Informat. Process. Syst. 28.
– reference: Pang, B., Lee, L., 2005. Seeing stars: Exploiting class relationships for sentiment categorization with respect to rating scales. arXiv preprint cs/0506075.
– reference: Joulin, A., Grave, E., Bojanowski, P., Douze, M., Jégou, H., Mikolov, T., 2016. Fasttext.zip: Compressing text classification models. arXiv preprint arXiv:1612.03651.
– reference: Samanta, S., Mehta, S., 2017. Towards crafting text adversarial samples. arXiv preprint arXiv:1707.02812.
– reference: Zang, Y., Qi, F., Yang, C., Liu, Z., Zhang, M., Liu, Q., Sun, M., 2019. Word-level textual adversarial attacking as combinatorial optimization. arXiv preprint arXiv:1910.12196.
– reference: Maheshwary, R., Maheshwary, S., Pudi, V., 2021a. Generating natural language attacks in a hard label black box setting. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 35, pp. 13525–13533.
– start-page: 12478
  year: 2022
  end-page: 12497
  ident: b0120
  article-title: Query-efficient and scalable black-box adversarial attacks on discrete sequential data via bayesian optimization
  publication-title: International Conference on Machine Learning
– volume: 28
  year: 2020
  ident: b0010
  article-title: Comparative assessment of light-based intelligent search and optimization algorithms
  publication-title: Light Eng.
– reference: Maheshwary, R., Maheshwary, S., Pudi, V., 2021b. A strong baseline for query efficient attacks in a black box setting. arXiv preprint arXiv:2109.04775.
– volume: 47
  start-page: 417
  year: 2017
  end-page: 462
  ident: b0005
  article-title: Plant intelligence based metaheuristic optimization algorithms
  publication-title: Artif. Intell. Rev.
– reference: Wang, D., Lin, J., Wang, Y.-G., 2022b. Query-efficient adversarial attack based on latin hypercube sampling. In: 2022 IEEE International Conference on Image Processing (ICIP), pp. 546–550.
– volume: 9
  start-page: 1735
  year: 1997
  end-page: 1780
  ident: b0075
  article-title: Long short-term memory
  publication-title: Neural Comput.
– volume: 61
  start-page: 85
  year: 2015
  end-page: 117
  ident: b0230
  article-title: Deep learning in neural networks: An overview
  publication-title: Neural Networks
– reference: Ebrahimi, J., Rao, A., Lowd, D., Dou, D., 2017. Hotflip: White-box adversarial examples for text classification. arXiv preprint arXiv:1712.06751.
– reference: Kim, Y., 2014. Convolutional neural networks for sentence classification. In: Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP), Doha, Qatar. Association for Computational Linguistics. pp. 1746–1751.
– volume: 32
  start-page: 41
  year: 2020
  end-page: 67
  ident: b0085
  article-title: Machine learning model security and privacy research: A survey
  publication-title: J. Softw.
– reference: Bowman, S.R., Angeli, G., Potts, C., Manning, C.D., 2015. A large annotated corpus for learning natural language inference. arXiv preprint arXiv:1508.05326.
– reference: Jin, D., Jin, Z., Zhou, J.T., Szolovits, P., 2020. Is bert really robust? a strong baseline for natural language attack on text classification and entailment. In: Proceedings of the AAAI conference on artificial intelligence, vol. 34, pp. 8018–8025.
– volume: 492
  start-page: 278
  year: 2022
  end-page: 307
  ident: b0200
  article-title: Adversarial attack and defense technologies in natural language processing: A survey
  publication-title: Neurocomputing
– reference: Li, J., Ji, S., Du, T., Li, B., Wang, T., 2018. Textbugger: Generating adversarial text against real-world applications. arXiv preprint arXiv:1812.05271.
– reference: Garg, S., Ramakrishnan, G., 2020. Bae: Bert-based adversarial examples for text classification. arXiv preprint arXiv:2004.01970.
– reference: Morris, J., Lifland, E., Yoo, J.Y., Grigsby, J., Jin, D., Qi, Y., 2020. TextAttack: A framework for adversarial attacks, data augmentation, and adversarial training in nlp. In: Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing: System Demonstrations, pp. 119–126.
– reference: Liu, Y., Ott, M., Goyal, N., Du, J., Joshi, M., Chen, D., Levy, O., Lewis, M., Zettlemoyer, L., Stoyanov, V., 2019. Roberta: A robustly optimized bert pretraining approach. arXiv preprint arXiv:1907.11692.
– reference: Saxena, S., 2020. Textdecepter: Hard label black box attack on text classifiers. arXiv preprint arXiv:2008.06860.
– reference: Sanh, V., Debut, L., Chaumond, J., Wolf, T., 2019. Distilbert a distilled version of bert: smaller, faster, cheaper and lighter. arXiv preprint arXiv:1910.01108, year=2019.
– reference: Maas, A., Daly, R.E., Pham, P.T., Huang, D., Ng, A.Y., Potts, C., 2011. Learning word vectors for sentiment analysis. In: Proceedings of the 49th Annual Meeting of the Association for Computational Linguistics: Human Language Technologies, pp. 142–150.
– volume: 11
  start-page: 1
  year: 2020
  end-page: 41
  ident: b0300
  article-title: Adversarial attacks on deep-learning models in natural language processing: A survey
  publication-title: ACM Trans. Intell. Syst. Technol. (TIST)
– volume: 1
  start-page: 9
  year: 2019
  ident: b0205
  article-title: Language models are unsupervised multitask learners
  publication-title: OpenAI blog
– reference: Williams, A., Nangia, N., Bowman, S.R., 2017. A broad-coverage challenge corpus for sentence understanding through inference. arXiv preprint arXiv:1704.05426.
– volume: 7
  start-page: 625
  year: 2019
  end-page: 641
  ident: b0275
  article-title: Neural network acceptability judgments
  publication-title: Trans. Assoc. Comput. Linguist.
– volume: 117
  start-page: 102695
  year: 2022
  ident: b0110
  article-title: Ensemble transfer attack targeting text classification systems
  publication-title: Comput. Sec.
– reference: Lhoest, Q., Villanova del Moral, A., Jernite, Y., Thakur, A., von Platen, P., Patil, S., Chaumond, J., Drame, M., Plu, J., Tunstall, L., Davison, J., Šaško, M., Chhablani, G., Malik, B., Brandeis, S., Le Scao, T., Sanh, V., Xu, C., Patry, N., McMillan-Major, A., Schmid, P., Gugger, S., Delangue, C., Matussière, T., Debut, L., Bekman, S., Cistac, P., Goehringer, T., Mustar, V., Lagunas, F., Rush, A., Wolf, T., 2021. Datasets: A community library for natural language processing. In: Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing: System Demonstrations, Online and Punta Cana, Dominican Republic. Association for Computational Linguistics. pp. 175–184.
– start-page: 12478
  year: 2022
  ident: 10.1016/j.jksuci.2023.03.017_b0120
  article-title: Query-efficient and scalable black-box adversarial attacks on discrete sequential data via bayesian optimization
– start-page: 50
  year: 2018
  ident: 10.1016/j.jksuci.2023.03.017_b0050
  article-title: Black-box generation of adversarial text sequences to evade deep learning classifiers
– ident: 10.1016/j.jksuci.2023.03.017_b0095
– volume: 117
  start-page: 102695
  year: 2022
  ident: 10.1016/j.jksuci.2023.03.017_b0110
  article-title: Ensemble transfer attack targeting text classification systems
  publication-title: Comput. Sec.
  doi: 10.1016/j.cose.2022.102695
– volume: 47
  start-page: 417
  issue: 4
  year: 2017
  ident: 10.1016/j.jksuci.2023.03.017_b0005
  article-title: Plant intelligence based metaheuristic optimization algorithms
  publication-title: Artif. Intell. Rev.
  doi: 10.1007/s10462-016-9486-6
– ident: 10.1016/j.jksuci.2023.03.017_b0020
  doi: 10.3115/1225403.1225421
– ident: 10.1016/j.jksuci.2023.03.017_b0265
– volume: 61
  start-page: 85
  year: 2015
  ident: 10.1016/j.jksuci.2023.03.017_b0230
  article-title: Deep learning in neural networks: An overview
  publication-title: Neural Networks
  doi: 10.1016/j.neunet.2014.09.003
– ident: 10.1016/j.jksuci.2023.03.017_b0245
– ident: 10.1016/j.jksuci.2023.03.017_b0270
  doi: 10.18653/v1/2022.naacl-main.339
– volume: 9
  start-page: 1735
  issue: 8
  year: 1997
  ident: 10.1016/j.jksuci.2023.03.017_b0075
  article-title: Long short-term memory
  publication-title: Neural Comput.
  doi: 10.1162/neco.1997.9.8.1735
– ident: 10.1016/j.jksuci.2023.03.017_b0260
  doi: 10.1109/ICIP46576.2022.9897705
– ident: 10.1016/j.jksuci.2023.03.017_b0255
  doi: 10.18653/v1/2022.findings-naacl.14
– ident: 10.1016/j.jksuci.2023.03.017_b0130
  doi: 10.18653/v1/2021.emnlp-demo.21
– start-page: 49
  year: 2016
  ident: 10.1016/j.jksuci.2023.03.017_b0190
  article-title: Crafting adversarial input sequences for recurrent neural networks
– volume: 34
  start-page: 42
  issue: 4
  year: 2020
  ident: 10.1016/j.jksuci.2023.03.017_b0285
  article-title: A community detection method based on local optimization in social networks
  publication-title: Ieee Network
  doi: 10.1109/MNET.011.1900472
– ident: 10.1016/j.jksuci.2023.03.017_b0025
  doi: 10.18653/v1/D15-1075
– ident: 10.1016/j.jksuci.2023.03.017_b0065
– volume: 118
  start-page: 102730
  year: 2022
  ident: 10.1016/j.jksuci.2023.03.017_b0235
  article-title: The triggers that open the NLP model backdoors are hidden in the adversarial samples
  publication-title: Comput. Sec.
  doi: 10.1016/j.cose.2022.102730
– volume: 13
  start-page: 171
  year: 2009
  ident: 10.1016/j.jksuci.2023.03.017_b0175
  article-title: A comparison of genetic algorithms, particle swarm optimization and the differential evolution method for the design of scannable circular antenna arrays
  publication-title: Progress Electromagnet. Res. B
  doi: 10.2528/PIERB09011308
– volume: 7
  start-page: 625
  year: 2019
  ident: 10.1016/j.jksuci.2023.03.017_b0275
  article-title: Neural network acceptability judgments
  publication-title: Trans. Assoc. Comput. Linguist.
  doi: 10.1162/tacl_a_00290
– ident: 10.1016/j.jksuci.2023.03.017_b0090
  doi: 10.1609/aaai.v34i05.6311
– ident: 10.1016/j.jksuci.2023.03.017_b0040
– volume: 12
  start-page: 53
  issue: 1
  year: 2004
  ident: 10.1016/j.jksuci.2023.03.017_b0100
  article-title: A simple and global optimization algorithm for engineering problems: differential evolution algorithm
  publication-title: Turkish J. Electr. Eng. Comput. Sci.
– ident: 10.1016/j.jksuci.2023.03.017_b0170
  doi: 10.18653/v1/2020.emnlp-demos.16
– volume: 11
  start-page: 1
  issue: 3
  year: 2020
  ident: 10.1016/j.jksuci.2023.03.017_b0300
  article-title: Adversarial attacks on deep-learning models in natural language processing: A survey
  publication-title: ACM Trans. Intell. Syst. Technol. (TIST)
– ident: 10.1016/j.jksuci.2023.03.017_b0225
– volume: 159
  start-page: 154478
  year: 2023
  ident: 10.1016/j.jksuci.2023.03.017_b0290
  article-title: Adversarial attacks and active defense on deep learning based identification of GaN power amplifiers under physical perturbation
  publication-title: AEU-Int. J. Electron. Commun.
  doi: 10.1016/j.aeue.2022.154478
– volume: 117
  start-page: 102694
  year: 2022
  ident: 10.1016/j.jksuci.2023.03.017_b0195
  article-title: Fuzzing-based hard-label black-box attacks against machine learning models
  publication-title: Comput. Sec.
  doi: 10.1016/j.cose.2022.102694
– volume: 1
  start-page: 9
  issue: 8
  year: 2019
  ident: 10.1016/j.jksuci.2023.03.017_b0205
  article-title: Language models are unsupervised multitask learners
  publication-title: OpenAI blog
– ident: 10.1016/j.jksuci.2023.03.017_b0150
– volume: 15
  start-page: 4
  issue: 1
  year: 2010
  ident: 10.1016/j.jksuci.2023.03.017_b0035
  article-title: Differential evolution: A survey of the state-of-the-art
  publication-title: IEEE Trans. Evol. Comput.
  doi: 10.1109/TEVC.2010.2059031
– ident: 10.1016/j.jksuci.2023.03.017_b0165
  doi: 10.18653/v1/2021.emnlp-main.661
– ident: 10.1016/j.jksuci.2023.03.017_b0185
  doi: 10.3115/1118693.1118704
– ident: 10.1016/j.jksuci.2023.03.017_b0060
  doi: 10.18653/v1/2020.emnlp-main.498
– volume: 32
  start-page: 41
  issue: 1
  year: 2020
  ident: 10.1016/j.jksuci.2023.03.017_b0085
  article-title: Machine learning model security and privacy research: A survey
  publication-title: J. Softw.
– ident: 10.1016/j.jksuci.2023.03.017_b0280
  doi: 10.18653/v1/N18-1101
– ident: 10.1016/j.jksuci.2023.03.017_b0220
– ident: 10.1016/j.jksuci.2023.03.017_b0305
– ident: 10.1016/j.jksuci.2023.03.017_b0115
– ident: 10.1016/j.jksuci.2023.03.017_b0055
  doi: 10.18653/v1/W18-2501
– ident: 10.1016/j.jksuci.2023.03.017_b0160
  doi: 10.1609/aaai.v35i15.17595
– volume: 492
  start-page: 278
  year: 2022
  ident: 10.1016/j.jksuci.2023.03.017_b0200
  article-title: Adversarial attack and defense technologies in natural language processing: A survey
  publication-title: Neurocomputing
  doi: 10.1016/j.neucom.2022.04.020
– ident: 10.1016/j.jksuci.2023.03.017_b0215
– ident: 10.1016/j.jksuci.2023.03.017_b0030
  doi: 10.18653/v1/D18-2029
– ident: 10.1016/j.jksuci.2023.03.017_b0045
  doi: 10.18653/v1/P18-2006
– ident: 10.1016/j.jksuci.2023.03.017_b0295
  doi: 10.18653/v1/2020.acl-main.540
– ident: 10.1016/j.jksuci.2023.03.017_b0105
  doi: 10.3115/v1/D14-1181
– ident: 10.1016/j.jksuci.2023.03.017_b0145
  doi: 10.24963/ijcai.2018/585
– volume: 1
  start-page: 146
  year: 2019
  ident: 10.1016/j.jksuci.2023.03.017_b0125
  article-title: Discrete adversarial attacks and submodular optimization with applications to text classification
  publication-title: Proc. Mach. Learn. Syst.
– ident: 10.1016/j.jksuci.2023.03.017_b0135
  doi: 10.14722/ndss.2019.23138
– ident: 10.1016/j.jksuci.2023.03.017_b0155
– volume: 28
  issue: 6
  year: 2020
  ident: 10.1016/j.jksuci.2023.03.017_b0010
  article-title: Comparative assessment of light-based intelligent search and optimization algorithms
  publication-title: Light Eng.
– ident: 10.1016/j.jksuci.2023.03.017_b0015
  doi: 10.18653/v1/D18-1316
– ident: 10.1016/j.jksuci.2023.03.017_b0080
– ident: 10.1016/j.jksuci.2023.03.017_b0140
  doi: 10.18653/v1/2020.emnlp-main.500
– ident: 10.1016/j.jksuci.2023.03.017_b0250
– ident: 10.1016/j.jksuci.2023.03.017_b0180
  doi: 10.3115/1219840.1219855
– ident: 10.1016/j.jksuci.2023.03.017_b0240
– ident: 10.1016/j.jksuci.2023.03.017_b0070
– ident: 10.1016/j.jksuci.2023.03.017_b0210
  doi: 10.18653/v1/P19-1103
SSID ssj0001765436
Score 2.2975311
Snippet Deep neural networks that play a pivotal role in fields such as images, text, and audio are vulnerable to adversarial attacks. In current textual adversarial...
SourceID doaj
crossref
elsevier
SourceType Open Website
Index Database
Publisher
StartPage 101539
SubjectTerms Adversarial attack
Black-box attack
Hard-label
Language model
Machine learning
Natural language processing
SummonAdditionalLinks – databaseName: Elsevier ScienceDirect Open Access Journals
  dbid: IXB
  link: http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV07T8MwELYqJhbeiPKSB1bTNPEjHqFqhRgYeEjdovhVwqNFJfD7uXMSKAsDUhZbthPdXe4u0X3fEXKmJZfGhoxl4P4ZFz5l2pqcGZUE7oVz2sdqixt59cCvp2LaI6MOC4Nlla3vb3x69NbtzKCV5uCtqgZ3Q7CeIbKxZzFxmIIfzngeQXzTy5__LArRkxFkhHgd3NAh6GKZ19Pz-4etzrGLeGQ7jZ3LfiJUJPJfCVQrwWeyRTbarJFeNA-2TXp-vkM2u44MtH1Bd8ntODJCQCChWNHBMEY56j9b-6Lly2yxrOrHV1ovKOKtGBiBf6EltmV-L9EYaVnXiLunsBzP2CMPk_H96Iq1XROYzaSqWXBcBCm5S1MtTW6SUpe8FMZYI6QLAfnuLR8GHiBTUjbVEJ60L5HazEvjVbZP1uaLuT8gVDmfWqV95hyoUlmtRQ4DL0KQENbSPmGdpIq3hhyj6KrGnopGsgVKtkjgGqo-uURxfq9Faus4sVjOila3RRpMAkmbhO9Ox40TeWZMErTnwQYD2VSfqE4ZxS9LgaOqP29_-O-dR2QdR02h4zFZq5cf_gSSkdqcRmv7An3s3hc
  priority: 102
  providerName: Elsevier
Title Efficient text-based evolution algorithm to hard-label adversarial attacks on text
URI https://dx.doi.org/10.1016/j.jksuci.2023.03.017
https://doaj.org/article/2fb03926094d4bd583bb0f9e4fcfb993
Volume 35
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwrV07T8MwELZQWVh4I8pLHlgNaeJHPRbUqnRg4CF1i-IXtECLSsrv585JoBMsSFGkRNY5urv4O1t33xFyriWXxoaMZbD8My58yrQ1XWZUErgXzmkfsy1u5fCRj8ZivNLqC3PCKnrgSnGXaTAJYLiEbYjjxoluZkwStOfBBgPgiqsvYN7KZiqeriismYylRVil0wG_bOrmYnLX9OVjaScX2Ds8cpzGfmU_uBTp-1fgaQVyBttks44Vaa_6xh2y5me7ZKvpw0Dr33KP3PUjDwTAB8U8DobI5Kj_rL2KFq9P88WkfH6j5ZxilRUD0_tXWmAz5o8CXZAWZYnV9hSGo4x98jjoP1wPWd0rgdlMqpIFx0WQkrs01dJ0TVLoghfCGGuEdCEgy73lncADxEfKphpASfsCCc28NF5lB6Q1m8_8IaHK-dQq7TPnwIDKai268OBFCBLALG0T1mgqf68oMfImV2yaV5rNUbN5AldHtckVqvN7LBJaxxdg5rw2c_6XmdtENcbI69igwnwQNfl1-qP_mP6YbKDIKtPxhLTKxdKfQjRSmjOy3uuN7kdn0QHhfjO--gJs49_J
linkProvider Directory of Open Access Journals
linkToHtml http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV1LT9wwEB5ROLQXCn2oSx_40Ku72cSP9bEg0PI8tCDtzYpfNJTuoiX093fGSQq9cKiUSxzbiWYmM1-imW8APhsllPOp4hW6fy5kLLnxbsqdLpKIMgQTc7bFuZpdiuO5nK_B_lALQ2mVve_vfHr21v3IuJfm-LZpxt8naD0TYmOvMnCYP4MNRAOa-jcczfcefrRoKp_MVUZUsEMrhhK6nOd1_fPu3jdfqI14pjvNrcseQlRm8n8UqR5Fn8Mt2OxhI_vaPdk2rMXFK3g5tGRg_Rv6Gr4dZEoIjCSMUjo4BanA4u_ewFh9c7VcNe2PX6xdMiq44mgF8YbV1Jf5riZrZHXbUuE9w-m0xxu4PDy42J_xvm0C95XSLU9ByKSUCGVplJu6oja1qKVz3kkVUiLCey8mSSSEStqXBuOTiTVxm0Xloq7ewvpiuYjvgOkQS69NrEJAXWpvjJziSZQpKYxr5Qj4ICl727Fj2CFt7Np2krUkWVvgMdEj2CNx_p1L3NZ5YLm6sr1ybZlcgahN4YdnEC7IaeVckUwUySeHcGoEelCG_cdUcKvmydvv_PfKXXg-uzg7tadH5yfv4QVd6bIeP8B6u7qPHxGZtO5Ttrw_sTbhNg
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Efficient+text-based+evolution+algorithm+to+hard-label+adversarial+attacks+on+text&rft.jtitle=Journal+of+King+Saud+University.+Computer+and+information+sciences&rft.au=Hao+Peng&rft.au=Zhe+Wang&rft.au=Dandan+Zhao&rft.au=Yiming+Wu&rft.date=2023-05-01&rft.pub=Springer&rft.issn=1319-1578&rft.volume=35&rft.issue=5&rft.spage=101539&rft_id=info:doi/10.1016%2Fj.jksuci.2023.03.017&rft.externalDBID=DOA&rft.externalDocID=oai_doaj_org_article_2fb03926094d4bd583bb0f9e4fcfb993
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1319-1578&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1319-1578&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1319-1578&client=summon