English

Token-Modification Adversarial Attacks for Natural Language Processing: A Survey

Computation and Language 2024-01-09 v3 Cryptography and Security Machine Learning

Abstract

Many adversarial attacks target natural language processing systems, most of which succeed through modifying the individual tokens of a document. Despite the apparent uniqueness of each of these attacks, fundamentally they are simply a distinct configuration of four components: a goal function, allowable transformations, a search method, and constraints. In this survey, we systematically present the different components used throughout the literature, using an attack-independent framework which allows for easy comparison and categorisation of components. Our work aims to serve as a comprehensive guide for newcomers to the field and to spark targeted research into refining the individual attack components.

Keywords

Cite

@article{arxiv.2103.00676,
  title  = {Token-Modification Adversarial Attacks for Natural Language Processing: A Survey},
  author = {Tom Roth and Yansong Gao and Alsharif Abuadbba and Surya Nepal and Wei Liu},
  journal= {arXiv preprint arXiv:2103.00676},
  year   = {2024}
}

Comments

Version 3: edited and expanded

R2 v1 2026-06-23T23:35:49.805Z