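% Xu et al., LMAg: test-time input augmentation as a defence for neural text classifiers
% (ICONIP 2022, Part III, LNCS 13625). The accuracy gains quoted in the abstract are
% after-attack figures for a BERT classifier in two defence setups; this record does not
% name the attack methods or datasets, so check the paper before citing the numbers.
@incollection{fdi:010090432,
  author    = {Xu, L. and Berti-Equille, Laure and Cuesta-Infante, A. and Veeramachaneni, K.},
  title     = {In situ augmentation for defending against adversarial attacks on text classifiers},
  booktitle = {Neural Information Processing: 29th International Conference, {ICONIP} 2022, Virtual Event November 22--26, 2022, proceedings, part {III}},
  series    = {Lecture Notes in Computer Science},
  volume    = {13625},
  pages     = {485--496},
  publisher = {Springer},
  address   = {Cham},
  year      = {2023},
  language  = {ENG},
  doi       = {10.1007/978-3-031-30111-7_41},
  isbn      = {978-3-031-30110-0},
  url       = {https://www.documentation.ird.fr/hor/fdi:010090432},
  abstract  = {In text classification, recent research shows that adversarial attack methods can generate sentences that dramatically decrease the classification accuracy of state-of-the-art neural text classifiers. However, very few defense methods have been proposed against these generated high-quality adversarial sentences. In this paper, we propose LMAg (Language-Model-based Augmentation using Gradient Guidance), an in situ data augmentation method as a defense mechanism effective in two representative defense setups. Specifically, LMAg transforms input text during the test time. It uses the norm of the gradient to estimate the importance of a word to the classifier's prediction, then replaces those words with alternatives proposed by a masked language model. LMAg is an additional protection layer on the classifier that counteracts the perturbations made by adversarial attack methods, thus can protect the classifier from adversarial attack without additional training. Experimental results show that LMAg can improve after-attack accuracy of BERT text classifier by 51.5\% and 17.3\% for two setups respectively.},
}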