Learning the Legibility of Visual Text Perturbations
Many adversarial attacks in NLP perturb inputs to produce visually similar strings ('ergo' \(\rightarrow\) '\(\epsilon\)rgo') which are legible to humans but degrade model performance. Although preserving legibility is a necessary condition for text perturbation, little work has...
Saved in:
Published in | arXiv.org |
---|---|
Main Authors | , , , |
Format | Paper |
Language | English |
Published |
Ithaca
Cornell University Library, arXiv.org
10.03.2023
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Abstract | Many adversarial attacks in NLP perturb inputs to produce visually similar strings ('ergo' \(\rightarrow\) '\(\epsilon\)rgo') which are legible to humans but degrade model performance. Although preserving legibility is a necessary condition for text perturbation, little work has been done to systematically characterize it; instead, legibility is typically loosely enforced via intuitions around the nature and extent of perturbations. Particularly, it is unclear to what extent can inputs be perturbed while preserving legibility, or how to quantify the legibility of a perturbed string. In this work, we address this gap by learning models that predict the legibility of a perturbed string, and rank candidate perturbations based on their legibility. To do so, we collect and release LEGIT, a human-annotated dataset comprising the legibility of visually perturbed text. Using this dataset, we build both text- and vision-based models which achieve up to \(0.91\) F1 score in predicting whether an input is legible, and an accuracy of \(0.86\) in predicting which of two given perturbations is more legible. Additionally, we discover that legible perturbations from the LEGIT dataset are more effective at lowering the performance of NLP models than best-known attack strategies, suggesting that current models may be vulnerable to a broad range of perturbations beyond what is captured by existing visual attacks. Data, code, and models are available at https://github.com/dvsth/learning-legibility-2023. |
---|---|
AbstractList | Many adversarial attacks in NLP perturb inputs to produce visually similar strings ('ergo' \(\rightarrow\) '\(\epsilon\)rgo') which are legible to humans but degrade model performance. Although preserving legibility is a necessary condition for text perturbation, little work has been done to systematically characterize it; instead, legibility is typically loosely enforced via intuitions around the nature and extent of perturbations. Particularly, it is unclear to what extent can inputs be perturbed while preserving legibility, or how to quantify the legibility of a perturbed string. In this work, we address this gap by learning models that predict the legibility of a perturbed string, and rank candidate perturbations based on their legibility. To do so, we collect and release LEGIT, a human-annotated dataset comprising the legibility of visually perturbed text. Using this dataset, we build both text- and vision-based models which achieve up to \(0.91\) F1 score in predicting whether an input is legible, and an accuracy of \(0.86\) in predicting which of two given perturbations is more legible. Additionally, we discover that legible perturbations from the LEGIT dataset are more effective at lowering the performance of NLP models than best-known attack strategies, suggesting that current models may be vulnerable to a broad range of perturbations beyond what is captured by existing visual attacks. Data, code, and models are available at https://github.com/dvsth/learning-legibility-2023. |
Author | Dhingra, Bhuwan Pruthi, Danish Rickard Stureborg Dev, Seth |
Author_xml | – sequence: 1 givenname: Seth surname: Dev fullname: Dev, Seth – sequence: 2 fullname: Rickard Stureborg – sequence: 3 givenname: Danish surname: Pruthi fullname: Pruthi, Danish – sequence: 4 givenname: Bhuwan surname: Dhingra fullname: Dhingra, Bhuwan |
BookMark | eNqNyrsKwjAUgOEgCtbadwg4F9JcTJ1FcejgUFxLCqc1pZxoLqBvr4MP4PQP378hS3QIC5JxIaqylpyvSRHCxBjje82VEhmRDRiPFkca70AbGG1vZxvf1A30ZkMyM23hFekVfEy-N9E6DFuyGswcoPg1J7vzqT1eyod3zwQhdpNLHr_UcV0rqQ-VFuK_6wONhjaA |
ContentType | Paper |
Copyright | 2023. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. |
Copyright_xml | – notice: 2023. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. |
DBID | 8FE 8FG ABJCF ABUWG AFKRA AZQEC BENPR BGLVJ CCPQU DWQXO HCIFZ L6V M7S PIMPY PQEST PQQKQ PQUKI PRINS PTHSS |
DatabaseName | ProQuest SciTech Collection ProQuest Technology Collection Materials Science & Engineering Collection ProQuest Central (Alumni) ProQuest Central ProQuest Central Essentials ProQuest Central Technology Collection ProQuest One Community College ProQuest Central Korea SciTech Premium Collection ProQuest Engineering Collection Engineering Database Publicly Available Content Database ProQuest One Academic Eastern Edition (DO NOT USE) ProQuest One Academic ProQuest One Academic UKI Edition ProQuest Central China Engineering Collection |
DatabaseTitle | Publicly Available Content Database Engineering Database Technology Collection ProQuest Central Essentials ProQuest One Academic Eastern Edition ProQuest Central (Alumni Edition) SciTech Premium Collection ProQuest One Community College ProQuest Technology Collection ProQuest SciTech Collection ProQuest Central China ProQuest Central ProQuest Engineering Collection ProQuest One Academic UKI Edition ProQuest Central Korea Materials Science & Engineering Collection ProQuest One Academic Engineering Collection |
DatabaseTitleList | Publicly Available Content Database |
Database_xml | – sequence: 1 dbid: 8FG name: ProQuest Technology Collection url: https://search.proquest.com/technologycollection1 sourceTypes: Aggregation Database |
DeliveryMethod | fulltext_linktorsrc |
Discipline | Physics |
EISSN | 2331-8422 |
Genre | Working Paper/Pre-Print |
GroupedDBID | 8FE 8FG ABJCF ABUWG AFKRA ALMA_UNASSIGNED_HOLDINGS AZQEC BENPR BGLVJ CCPQU DWQXO FRJ HCIFZ L6V M7S M~E PIMPY PQEST PQQKQ PQUKI PRINS PTHSS |
ID | FETCH-proquest_journals_27854791733 |
IEDL.DBID | 8FG |
IngestDate | Tue Sep 24 19:50:47 EDT 2024 |
IsOpenAccess | true |
IsPeerReviewed | false |
IsScholarly | false |
Language | English |
LinkModel | DirectLink |
MergedId | FETCHMERGED-proquest_journals_27854791733 |
OpenAccessLink | https://www.proquest.com/docview/2785479173/abstract/?pq-origsite=%requestingapplication% |
PQID | 2785479173 |
PQPubID | 2050157 |
ParticipantIDs | proquest_journals_2785479173 |
PublicationCentury | 2000 |
PublicationDate | 20230310 |
PublicationDateYYYYMMDD | 2023-03-10 |
PublicationDate_xml | – month: 03 year: 2023 text: 20230310 day: 10 |
PublicationDecade | 2020 |
PublicationPlace | Ithaca |
PublicationPlace_xml | – name: Ithaca |
PublicationTitle | arXiv.org |
PublicationYear | 2023 |
Publisher | Cornell University Library, arXiv.org |
Publisher_xml | – name: Cornell University Library, arXiv.org |
SSID | ssj0002672553 |
Score | 3.4629776 |
SecondaryResourceType | preprint |
Snippet | Many adversarial attacks in NLP perturb inputs to produce visually similar strings ('ergo' \(\rightarrow\) '\(\epsilon\)rgo') which are legible to humans but... |
SourceID | proquest |
SourceType | Aggregation Database |
SubjectTerms | Datasets Learning Legibility Performance degradation Perturbation Strings |
Title | Learning the Legibility of Visual Text Perturbations |
URI | https://www.proquest.com/docview/2785479173/abstract/ |
hasFullText | 1 |
inHoldings | 1 |
isFullTextHit | |
isPrint | |
link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfV1LSwMxEB5qF8GbT3zUEtBr2Jqk2e5JUHZdxJZFqvRW8hiLIPax24MXf7vJdlcPQo8hkJAQvm9m8s0MwLXQjNlYxjS2PU2F4xCquDB0IK1RXFolhc93Ho5k9iIeJ_1JC7ImF8bLKhtMrIDazo2PkYcsGvRF5JwLHirtowCmDG8XS-r7R_l_1rqZxg4EN74mns8ZTx9-oy1MRs525v8At2KRdB-CXC1wdQAt_DyE3Up8aYojEHWR0xlx1hh5wtlGsfpF5m_k9b1Yqw8ydhhKclw5gtCbGNsxXKXJ-D6jzVbT-lkU079D8BNoO_8eT4Ewbp3NZphGyYViGPO4h0w4JkdUSukz6Gxb6Xz79AXs-Q7ptJKgdaBdrtZ46Xi01N3qiroQ3CWj_NmNht_JD4RAfcc |
link.rule.ids | 786,790,12792,21416,33408,33779,43635,43840 |
linkProvider | ProQuest |
linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfV1dS8MwFL1oi-ibn_gxNaCvwZFk6fokKBtVu1Kkyt5K0lyHIG6224P_3qTL9EHYcyC5hHDOvScnuQDXQjNmYhnT2HQ1FZZDqOKion1pKsWlUVK4986jTCYv4nHcG3vBrfG2yhUmtkBtppXTyG9Y1O-JyBYX_Hb2RV3XKHe76ltobEIouC1VAgjvBln-_KuyMBnZnJn_A9qWPYa7EOZqhvUebODnPmy1psuqOQDhPzedEJuFkRQnS6fqN5m-kdf3ZqE-SGGxk-RYW2LQS23tEK6Gg-I-oaulSn8cmvIveH4Ega3r8RgI48bmahXTKLlQDGMed5EJy-CISil9Ap11M52uH76E7aQYpWX6kD2dwY7rkk5bG1oHgnm9wHPLpXN94TfsB6PHe5A |
openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Learning+the+Legibility+of+Visual+Text+Perturbations&rft.jtitle=arXiv.org&rft.au=Dev%2C+Seth&rft.au=Rickard+Stureborg&rft.au=Pruthi%2C+Danish&rft.au=Dhingra%2C+Bhuwan&rft.date=2023-03-10&rft.pub=Cornell+University+Library%2C+arXiv.org&rft.eissn=2331-8422 |