Adversarial attacks on machine learning algorithms have been a key deterrent
to the adoption of AI in many real-world use cases. They significantly
undermine the ability of high-performance neural networks by forcing
misclassifications. These attacks introduce minute and structured perturbations
or alterations in the test samples, imperceptible to human annotators in
general, but trained neural networks and other models are sensitive to it.
Historically, adversarial attacks have been first identified and studied in the
domain of image processing. In this paper, we study adversarial examples in the
field of natural language processing, specifically text classification tasks.
We investigate the reasons for adversarial vulnerability, particularly in
relation to the inherent dimensionality of the model. Our key finding is that
there is a very strong correlation between the embedding dimensionality of the
adversarial samples and their effectiveness on models tuned with input samples
with same embedding dimension. We utilize this sensitivity to design an
adversarial defense mechanism. We use ensemble models of varying inherent
dimensionality to thwart the attacks. This is tested on multiple datasets for
its efficacy in providing robustness. We also study the problem of measuring
adversarial perturbation using different distance metrics. For all of the
aforementioned studies, we have run tests on multiple models with varying
dimensionality and used a word-vector level adversarial attack to substantiate
the findings.

机器学习算法的对抗性攻击是人工智能在很多实际应用中的主要障碍之一，通过在测试样本中引入微小和结构化的扰动，对高性能神经网络造成显著影响。本文在自然语言处理领域特别是文本分类任务中研究对抗性示例，探究了对抗性容易受到攻击的原因，特别是与模型固有维度的相关性。我们发现对抗性样本的嵌入维度与模型输入样本具有相同嵌入维度时的有效性之间存在很强的相关性，利用这种敏感性设计了一种对抗性防御机制。通过使用各种固有维度的集成模型来阻止攻击，我们在多个数据集上测试了其有效性。我们还研究了使用不同距离度量来衡量对抗性扰动的问题。对于所有上述研究，我们在具有不同维度的多个模型上进行了测试，并使用词向量级对抗性攻击来证实这些发现。

文本分类器中的对抗攻击与维度

Adversarial Attacks and Dimensionality in Text Classifiers

Convolutional neural network (CNN) has achieved unprecedented success in
image super-resolution tasks in recent years. However, the network's
performance depends on the distribution of the training sets and degrades on
out-of-distribution samples. This paper adopts a Bayesian approach for
estimating uncertainty associated with output and applies it in a deep image
super-resolution model to address the concern mentioned above. We use the
uncertainty estimation technique using the batch-normalization layer, where
stochasticity of the batch mean and variance generate Monte-Carlo (MC) samples.
The MC samples, which are nothing but different super-resolved images using
different stochastic parameters, reconstruct the image, and provide a
confidence or uncertainty map of the reconstruction. We propose a faster
approach for MC sample generation, and it allows the variable image size during
testing. Therefore, it will be useful for image reconstruction domain. Our
experimental findings show that this uncertainty map strongly relates to the
quality of reconstruction generated by the deep CNN model and explains its
limitation. Furthermore, this paper proposes an approach to reduce the model's
uncertainty for an input image, and it helps to defend the adversarial attacks
on the image super-resolution model. The proposed uncertainty reduction
technique also improves the performance of the model for out-of-distribution
test images. To the best of our knowledge, we are the first to propose an
adversarial defense mechanism in any image reconstruction domain.

采用贝叶斯方法为图像超分辨率模型估算输出的不确定性，并利用批标准化层的不确定性估算技术生成 Monte-Carlo 样本，提出一种更快的生成样本的方法，以及降低输入图像的模型不确定性的方法和抵御对抗性攻击的方法以提高模型的性能。