Rebuild and Ensemble: Exploring Defense Against Text Adversaries
Abstract: Adversarial attacks can mislead strong neural models; as such, in NLP tasks, substitution-based attacks are difficult to defend. Current defense methods usually assume that the substitution candidates are accessible, which cannot be widely applied against substitution-agnostic attacks. In this paper, we propose a \textbf{Rebuild and Ensemble} Framework to defend against adversarial attacks in texts without knowing the candidates.We propose a rebuild mechanism to train a robust model and ensemble the rebuilt texts during inference to achieve good adversarial defense results.Experiments show that our method can improve accuracy under the current strong attack methods.
0 Replies
Loading