%0 Book Section
%9 OS CH : Chapitres d'ouvrages scientifiques
%A Xu, L.
%A Berti-Equille, Laure
%A Cuesta-Infante, A.
%A Veeramachaneni, K.
%T In situ augmentation for defending against adversarial attacks on text classifiers
%B Neural Information Processing : 29th International Conference, ICONIP 2022, Virtual Event Novembre 22-26, 2022, proceedings, part III
%C Cham
%D 2023
%E Tanveer, M.
%E Agarwal, S.
%E Ozawa, S.
%E Ekbal, A.
%E Jatowt, A.
%L fdi:010090432
%G ENG
%I Springer
%@ 978-3-031-30110-0
%N 13625
%P 485-496
%R 10.1007/978-3-031-30111-7_41
%U https://www.documentation.ird.fr/hor/fdi:010090432
%> https://www.documentation.ird.fr/intranet/publi/2025-06/010090432.pdf
%W Horizon (IRD)
%X In text classification, recent research shows that adversarial attack methods can generate sentences that dramatically decrease the classification accuracy of state-of-the-art neural text classifiers. 




However, very few defense methods have been proposed against these generated high-quality adversarial sentences. In this paper, we propose LMAg (Language-Model-based Augmentation using Gradient Guidance),




an in situ data augmentation method as a defense mechanism effective in two representative defense setups. Specifically, LMAg transforms input text during the test time. It uses the norm of the gradient to estimate




the importance of a word to the classifier's prediction, then replaces those words with alternatives proposed by a masked language model. LMAg is an additional protection layer on the classifier that counteracts the perturbations




made by adversarial attack methods, thus can protect the classifier from adversarial attack without additional training. Experimental results show that LMAg can improve after-attack accuracy of BERT text classifier by 51.5% and 17.3% for two setups respectively.
%S Lecture Notes in Computer Science
%B ICONIP : International Conference on Neural Information Processing
%8 2022/11/22-26
%$ 122