• Corpus ID: 220968803

One word at a time: adversarial attacks on retrieval models

Nisarg Raval and Manisha Verma
Adversarial examples, generated by applying small perturbations to input features, are widely used to fool classifiers and measure their robustness to noisy inputs. However, little work has been done to evaluate the robustness of ranking models through adversarial examples. In this work, we present a systematic approach of leveraging adversarial examples to measure the robustness of popular ranking models. We explore a simple method to generate adversarial examples that forces a ranker to… 


Adversarial Attack and Defence through Adversarial Training and Feature Fusion for Diabetic Retinopathy Recognition
A framework is introduced that provides a defensive model against the adversarial speckle-noise attack, the adversarial training, and a feature fusion strategy, which preserves the classification with correct labelling and proves that the proposed defensive model is robust.
PRADA: Practical Black-Box Adversarial Attacks against Neural Ranking Models
The Adversarial Document Ranking Attack (ADRA) task against NRMs, which aims to promote a target document in rankings by adding adversarial perturbations to its text, is introduced and a novel Pseudo Relevance-based ADversarial ranking Attack method (PRADA) is proposed that can outperform existing attack strategies and successfully fool the NRM with small indiscernible perturbation of text.
Subverting Fair Image Search with Generative Adversarial Perturbations
This work develops and then attacks a state-of-the-art, fairness-aware image search engine using images that have been maliciously modified using a Generative Adversarial Perturbation (GAP) model, demonstrating that these attacks are robust across a number of variables, that they have close to zero impact on the relevance of search results, and that they succeed under a strict threat model.


Explaining and Harnessing Adversarial Examples
It is argued that the primary cause of neural networks' vulnerability to adversarial perturbation is their linear nature, supported by new quantitative results while giving the first explanation of the most intriguing fact about them: their generalization across architectures and training sets.
Deep Text Classification Can be Fooled
An effective method to craft text adversarial samples that can successfully fool both state-of-the-art character-level and word-level DNN-based text classifiers and is difficult to be perceived.
One Pixel Attack for Fooling Deep Neural Networks
This paper proposes a novel method for generating one-pixel adversarial perturbations based on differential evolution (DE), which requires less adversarial information (a black-box attack) and can fool more types of networks due to the inherent features of DE.
Crafting adversarial input sequences for recurrent neural networks
This paper investigates adversarial input sequences for recurrent neural networks processing sequential data and shows that the classes of algorithms introduced previously to craft adversarial samples misclassified by feed-forward neural networks can be adapted to recurrent neural networks.
A Dual Embedding Space Model for Document Ranking
The proposed Dual Embedding Space Model (DESM) captures evidence on whether a document is about a query term in addition to what is modelled by traditional term-frequency based approaches, and shows that the DESM can re-rank top documents returned by a commercial Web search engine, like Bing, better than a term-matching based signal like TF-IDF.
End-to-End Neural Ad-hoc Ranking with Kernel Pooling
K-NRM uses a translation matrix that models word-level similarities via word embeddings, a new kernel-pooling technique that uses kernels to extract multi-level soft match features, and a learning-to-rank layer that combines those features into the final ranking score.
GloVe: Global Vectors for Word Representation
A new global log-bilinear regression model that combines the advantages of the two major model families in the literature: global matrix factorization and local context window methods and produces a vector space with meaningful substructure.
Learning to Match using Local and Distributed Representations of Text for Web Search
This work proposes a novel document ranking model composed of two separate deep neural networks, one that matches the query and the document using a local representation, and another that matches them using distributed representations; matching with distributed representations complements matching with traditional local representations.
MS MARCO: A Human Generated MAchine Reading COmprehension Dataset
This new dataset is aimed to overcome a number of well-known weaknesses of previous publicly available datasets for the same task of reading comprehension and question answering, and is the most comprehensive real-world dataset of its kind in both quantity and quality.
A Deep Relevance Matching Model for Ad-hoc Retrieval
A novel deep relevance matching model (DRMM) for ad-hoc retrieval that employs a joint deep architecture at the query term level for relevance matching and can significantly outperform some well-known retrieval models as well as state-of-the-art deep matching models.