-
Putting words into the system's mouth: A targeted attack on neural machine translation using monolingual data poisoning
Neural machine translation systems are known to be vulnerable to adversa...
07/12/2021 ∙ by Jun Wang, et al. ∙
3
∙
share
read it
-
Filling Gender & Number Gaps in Neural Machine Translation with Black-box Context Injection
When translating from a language that does not morphologically mark info...
03/08/2019 ∙ by Amit Moryossef, et al. ∙
0
∙
share
read it
-
On Adversarial Examples for Character-Level Neural Machine Translation
Evaluating on adversarial examples has become a standard procedure to me...
06/23/2018 ∙ by Javid Ebrahimi, et al. ∙
0
∙
share
read it
-
Understanding Pre-Editing for Black-Box Neural Machine Translation
Pre-editing is the process of modifying the source text (ST) so that it ...
02/05/2021 ∙ by Rei Miyata, et al. ∙
0
∙
share
read it
-
Imitation Attacks and Defenses for Black-box Machine Translation Systems
We consider an adversary looking to steal or attack a black-box machine ...
04/30/2020 ∙ by Eric Wallace, et al. ∙
0
∙
share
read it
-
Testing Untestable Neural Machine Translation: An Industrial Case
Neural Machine Translation (NMT) has been widely adopted recently due to...
07/06/2018 ∙ by Wujie Zheng, et al. ∙
0
∙
share
read it
-
Bad Characters: Imperceptible NLP Attacks
Several years of research have shown that machine-learning systems are v...
06/18/2021 ∙ by Nicholas Boucher, et al. ∙
0
∙
share
read it
Targeted Poisoning Attacks on Black-Box Neural Machine Translation
11/02/2020 ∙ by Chang Xu, et al. ∙
28
∙
share
As modern neural machine translation (NMT) systems have been widely deployed, their security vulnerabilities require close scrutiny. Most recently, NMT systems have been shown to be vulnerable to targeted attacks which cause them to produce specific, unsolicited, and even harmful translations. These attacks are usually exploited in a white-box setting, where adversarial inputs causing targeted translations are discovered for a known target system. However, this approach is less useful when the target system is black-box and unknown to the adversary (e.g., secured commercial systems). In this paper, we show that targeted attacks on black-box NMT systems are feasible, based on poisoning a small fraction of their parallel training data. We demonstrate that this attack can be realised practically via targeted corruption of web documents crawled to form the system's training data. We then analyse the effectiveness of the targeted poisoning in two common NMT training scenarios, which are the one-off training and pre-train fine-tune paradigms. Our results are alarming: even on the state-of-the-art systems trained with massive parallel data (tens of millions), the attacks are still successful (over 50 surprisingly low poisoning rates (e.g., 0.006 defences to counter such attacks.
READ FULL TEXT
Comments
There are no comments yet.