Towards Polymorphic Adversarial Examples Generation for Short Text

NLP models are shown to be vulnerable to adversarial examples. The usual attack methods in NLP fields mainly focus on word-level perturbations. However, the word-substitution based method is not suitable for short text. Short texts are more susceptible to word substitution than long texts, which makes semantic shifting more likely to occur, and the number of words in short texts can be modified is small, making the attack difficult to succeed and hard to guarantee naturality and fluency. To tackle the above problems, we present Polymorphic Adversarial Examples Generation (PAEG) attack, a generative method by combining pre-trained language model BERT and Variational Autoencoder. Compared to attack methods proposed in previous literature, the proposed approach can not only generate polymorphic adversarial examples with different forms but also improve the attack success rate significantly on two popular datasets.