Skip to content

RishabhMaheshwary/hard-label-attack

Repository files navigation

Generating Natural Language Attacks in a Hard Label Black Box Setting

This repository contains source code for the research work described in our AAAI 2021 paper:

Generating Natural Language Attacks in a Hard Label Black Box Setting

The hard label attack has also been implemented in TextAttack library.

Follow these steps to run the attack from the library:

  1. Fork the repository

  2. Run the following command to install it.

    $ cd TextAttack
    $ pip install -e . ".[dev]"
    
  3. Run the following command to attack bert-base-uncased trained on MovieReview dataset.

    $ textattack attack --recipe hard-label-attack --model bert-base-uncased-mr --num-examples 100
    

Take a look at the models directory in TextAttack to run the attack across any dataset and any target model.

Instructions for running the attack from this repository.

Requirements

  • Pytorch >= 0.4
  • Tensorflow >= 1.0
  • Numpy
  • Python >= 3.6
  • Tensorflow 2.1.0
  • TensorflowHub

Download Dependencies

  • Download pretrained target models for each dataset bert, lstm, cnn unzip it.

  • Download the counter-fitted-vectors from here and place it in the main directory.

  • Download top 50 synonym file from here and place it in the main directory.

  • Download the glove 200 dimensional vectors from here unzip it.

How to Run:

Use the following command to get the results.

For BERT model

python3 classification_attack.py \
        --dataset_path path_to_data_samples_to_attack  \
        --target_model Type_of_taget_model (bert,wordCNN,wordLSTM) \
        --counter_fitting_cos_sim_path path_to_top_50_synonym_file \
        --target_dataset dataset_to_attack (imdb,ag,yelp,yahoo,mr) \
        --target_model_path path_to_pretrained_target_model \
        --USE_cache_path " " \
        --max_seq_length 256 \
        --sim_score_window 40 \
        --nclasses classes_in_the_dataset_to_attack

Example of attacking BERT on IMDB dataset.


python3 classification_attack.py \
        --dataset_path data/imdb  \
        --target_model bert \
        --counter_fitting_cos_sim_path mat.txt \
        --target_dataset imdb \
        --target_model_path bert/imdb \
        --USE_cache_path " " \
        --max_seq_length 256 \
        --sim_score_window 40 \
        --nclasses 2

Example of attacking BERT on SNLI dataset.


python3 nli_attack.py \
        --dataset_path data/snli  \
        --target_model bert \
        --counter_fitting_cos_sim_path mat.txt \
        --target_dataset snli \
        --target_model_path bert/snli \
        --USE_cache_path "nli_cache" \
        --sim_score_window 40

Results

The results will be available in results_hard_label directory for classification task and in results_nli_hard_label for entailment tasks. For attacking other target models look at the commands folder.

Training target models

To train BERT on a particular dataset use the commands provided in the BERT directory. For training LSTM and CNN models run the train_classifier.py --<model_name> --<dataset>.

If you find our repository helpful, consider citing our work.

@article{maheshwary2020generating,
  title={Generating Natural Language Attacks in a Hard Label Black Box Setting},
  author={Maheshwary, Rishabh and Maheshwary, Saket and Pudi, Vikram},
  journal={arXiv preprint arXiv:2012.14956},
  year={2020}
}

Releases

No releases published

Packages

No packages published