Less is More: Understanding Word-level Textual Adversarial Attack via n-gram Frequency Descend. (arXiv:2302.02568v2 [cs.CL] UPDATED)

Word-level textual adversarial attacks have achieved striking performance in
fooling natural language processing models. However, the fundamental questions
of why these attacks are effective, and the intrinsic properties of the
adversarial examples (AEs), are still not well understood. This work attempts
to interpret textual attacks through the lens of $n$-gram frequency.
Specifically, it is revealed that existing word-level attacks exhibit a strong
tendency toward generation of examples with $n$-gram frequency descend
($n$-FD). Intuitively, this finding suggests a natural way to …

adversarial adversarial attacks aes attack attacks language natural language natural language processing performance questions understanding word work