-
On Adversarial Examples for Character-Level Neural Machine Translation
Evaluating on adversarial examples has become a standard procedure to me...
06/23/2018 ∙ by Javid Ebrahimi, et al. ∙
0
∙
share
read it
-
Filling Gender & Number Gaps in Neural Machine Translation with Black-box Context Injection
When translating from a language that does not morphologically mark info...
03/08/2019 ∙ by Amit Moryossef, et al. ∙
0
∙
share
read it
-
Testing Untestable Neural Machine Translation: An Industrial Case
Neural Machine Translation (NMT) has been widely adopted recently due to...
07/06/2018 ∙ by Wujie Zheng, et al. ∙
0
∙
share
read it
-
Adversarial Black-Box Attacks for Automatic Speech Recognition Systems Using Multi-Objective Genetic Optimization
Fooling deep neural networks with adversarial input have exposed a signi...
11/04/2018 ∙ by Shreya Khare, et al. ∙
0
∙
share
read it
-
Imitation Attacks and Defenses for Black-box Machine Translation Systems
We consider an adversary looking to steal or attack a black-box machine ...
04/30/2020 ∙ by Eric Wallace, et al. ∙
0
∙
share
read it
-
You Autocomplete Me: Poisoning Vulnerabilities in Neural Code Completion
Code autocompletion is an integral feature of modern code editors and ID...
07/05/2020 ∙ by Roei Schuster, et al. ∙
0
∙
share
read it
-
Automatic Testing and Improvement of Machine Translation
This paper presents TransRepair, a fully automatic approach for testing ...
10/07/2019 ∙ by Zeyu Sun, et al. ∙
0
∙
share
read it
Targeted Poisoning Attacks on Black-Box Neural Machine Translation
11/02/2020 ∙ by Chang Xu, et al. ∙
28
∙
share
As modern neural machine translation (NMT) systems have been widely deployed, their security vulnerabilities require close scrutiny. Most recently, NMT systems have been shown to be vulnerable to targeted attacks which cause them to produce specific, unsolicited, and even harmful translations. These attacks are usually exploited in a white-box setting, where adversarial inputs causing targeted translations are discovered for a known target system. However, this approach is less useful when the target system is black-box and unknown to the adversary (e.g., secured commercial systems). In this paper, we show that targeted attacks on black-box NMT systems are feasible, based on poisoning a small fraction of their parallel training data. We demonstrate that this attack can be realised practically via targeted corruption of web documents crawled to form the system's training data. We then analyse the effectiveness of the targeted poisoning in two common NMT training scenarios, which are the one-off training and pre-train fine-tune paradigms. Our results are alarming: even on the state-of-the-art systems trained with massive parallel data (tens of millions), the attacks are still successful (over 50 surprisingly low poisoning rates (e.g., 0.006 defences to counter such attacks.
READ FULL TEXT
Comments
There are no comments yet.