Method for preventing text stream order transformation attack

Abstract

The invention discloses a method for preventing a text stream order transformation attack through a method in the field of artificial intelligence. The method comprises three steps: learning randomized sequence probability distribution based on an EM algorithm; generating a randomized sequence key. The training and deployment of the method need to build a running environment comprising pytorch and a dependency library. The optimal sequence probability distribution for resisting the attack is learned through the EM algorithm, and finally an adversarial sample aiming at the stream order attack is incapable of accurately attacking an order code, thereby achieving the effect of preventing the text stream order attack. The method disclosed by the invention has the technical effects that the attack resisting performance is optimal, and the attack intensity of other text attacks can also be weakened.

Description

technical field [0001] The invention relates to the field of artificial intelligence, in particular to a method for preventing text flow sequence transformation attacks. Background technique [0002] Nowadays, natural language processing has been widely used in real life, such as machine translation, automatic summarization, question answering system, etc. The current mainstream natural language processing models such as Bert (Bidirectional Encoder Representation from Transformers) and its variants are all improved based on the Transformer model, mainly relying on its efficient self-attention mechanism and long-term dependency alignment capabilities. However, the self-attention mechanism cannot capture the order information in the sequence alone, so it is necessary to add positional encoding to fully represent the sequence. However, such a position encoding is only a trigonometric function combined with order information, so it only needs to destroy the linearity of the tri...

AI Technical Summary

Problems solved by technology

However, the self-attention mechanism cannot capture the order information in the sequence alone, so it is necessary to add position encoding to fully represent the sequence

However, such position encoding is only a trigonometric function combined with order information, so it only needs to destroy the linearity of the trigonometric function in the position encoding, and it can effectively destroy the order information in the text to reduce the effectiveness of the model.

[0003] Therefore, the current mainstream natural language processing models based on transformer improvements need to use the linearity of trigonometric functions to obtain order information, but such encodings are subject to order attacks, and through research and experiments, we have found that Several methods for generating adversarial examples for sequential encoding. Such adversarial examples can effectively reduce the effectiveness of the model and are not easily detected by humans. The conclusion is that a means of preventing such attacks is currently needed to enhance the security of the model , which is of great significance to the security issues of the mainstream natural language processing model application

[0004] As mentioned above, the current mainstream natural language processing has added sequence coding that utilizes the linearity of trigonometric functions. Attacking sequence coding can easily reduce the accuracy of natural language processing models, but there is no complete targeting of flow sequence. How to defend against attacks

Images