Synonym-based Adversarial Attacks in Arabic Text Classification Systems

dc.contributor.advisor: Matthews, Jeanna
dc.contributor.author: Alshahrani, Norah Falah S
dc.date.accessioned: 2024-05-26T10:03:01Z
dc.date.available: 2024-05-26T10:03:01Z
dc.date.issued: 2024-05-21
dc.description.abstract: Text classification systems have been proven vulnerable to adversarial text examples, modified versions of the original text examples that are often unnoticed by human eyes, yet can force text classification models to alter their classification. Often, research works quantifying the impact of adversarial text attacks have been applied only to models trained in English. In this thesis, we introduce the first word-level study of adversarial attacks in Arabic. Specifically, we use a synonym (word-level) attack using a Masked Language Modeling (MLM) task with a BERT model in a black-box setting to assess the robustness of the state-of-the-art text classification models to adversarial attacks in Arabic. To evaluate the grammatical and semantic similarities of the newly produced adversarial examples using our synonym BERT-based attack, we invite four human evaluators to assess and compare the produced adversarial examples with their original examples. We also study the transferability of these newly produced Arabic adversarial examples to various models and investigate the effectiveness of defense mechanisms against these adversarial examples on the BERT models. We find that fine-tuned BERT models were more susceptible to our synonym attacks than the other Deep Neural Networks (DNN) models like WordCNN and WordLSTM we trained. We also find that fine-tuned BERT models were more susceptible to transferred attacks. We, lastly, find that fine-tuned BERT models successfully regain at least 2% in accuracy after applying adversarial training as an initial defense mechanism. We share our code scripts and trained models on GitHub at https://github.com/NorahAlshahrani/bert_synonym_attack.
dc.format.extent: 68
dc.identifier.uri: https://hdl.handle.net/20.500.14154/72117
dc.language.iso: en_US
dc.publisher: Clarkson University
dc.subject: Adversarial Examples
dc.subject: Arabic Synonym Attack
dc.subject: Text Classification
dc.subject: BERT
dc.title: Synonym-based Adversarial Attacks in Arabic Text Classification Systems
dc.type: Thesis
sdl.degree.department: Computer Science
sdl.degree.discipline: Computer Science
sdl.degree.grantor: Clarkson
sdl.degree.name: Master of Science

Copyright owned by the Saudi Digital Library (SDL) © 2024