Text Processing Like Humans Do:

Slides:



Advertisements
Similar presentations
Yansong Feng and Mirella Lapata
Advertisements

Linking Entities in #Microposts ROMIL BANSAL, SANDEEP PANEM, PRIYA RADHAKRISHNAN, MANISH GUPTA, VASUDEVA VARMA INTERNATIONAL INSTITUTE OF INFORMATION TECHNOLOGY,
Proceedings of the Conference on Intelligent Text Processing and Computational Linguistics (CICLing-2007) Learning for Semantic Parsing Advisor: Hsin-His.
Matthias Wimmer, Ursula Zucker and Bernd Radig Chair for Image Understanding Computer Science Technische Universität München { wimmerm, zucker, radig
Fabio Massimo Zanzotto and Danilo Croce University of Rome “Tor Vergata” Roma, Italy Reading what Machines ‘Think’
© author(s) of these slides including research results from the KOM research network and TU Darmstadt; otherwise it is specified at the respective slide.
Data Mining and Machine Learning Lab Document Clustering via Matrix Representation Xufei Wang, Jiliang Tang and Huan Liu Arizona State University.
Do Supervised Distributional Methods Really Learn Lexical Inference Relations? Omer Levy Ido Dagan Bar-Ilan University Israel Steffen Remus Chris Biemann.
Andrew Ng CS228: Deep Learning & Unsupervised Feature Learning Andrew Ng TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.:
Lecture 1, 7/21/2005Natural Language Processing1 CS60057 Speech &Natural Language Processing Autumn 2005 Lecture 1 21 July 2005.
TransRank: A Novel Algorithm for Transfer of Rank Learning Depin Chen, Jun Yan, Gang Wang et al. University of Science and Technology of China, USTC Machine.
Translated Learning Wenyuan Dai, Yuqiang Chen, Gui-Rong Xue, Qiang Yang, and Yong Yu. Translated Learning. In Proceedings of Twenty- Second Annual Conference.
Object Bank Presenter : Liu Changyu Advisor : Prof. Alex Hauptmann Interest : Multimedia Analysis April 4 th, 2013.
Part-Of-Speech Tagging using Neural Networks Ankur Parikh LTRC IIIT Hyderabad
A Weakly-Supervised Approach to Argumentative Zoning of Scientific Documents Yufan Guo Anna Korhonen Thierry Poibeau 1 Review By: Pranjal Singh Paper.
Ranking and Classifying Attractiveness of Photos in Folksonomies Jose San Pedro and Stefan Siersdorfer University of Sheffield, L3S Research Center WWW.
Learning to Link with Wikipedia David Milne and Ian H. Witten Department of Computer Science, University of Waikato CIKM 2008 (Best Paper Award) Presented.
October 2005CSA3180 NLP1 CSA3180 Natural Language Processing Introduction and Course Overview.
Computational Linguistics. The Subject Computational Linguistics is a branch of linguistics that concerns with the statistical and rule-based natural.
April 2014 SEWM Event Detection from Social Media: User-centric Parallel Split-n-merge and Composite Kernel  Truc-Vien T. Nguyen, Lugano University,
Iterative similarity based adaptation technique for Cross Domain text classification Under: Prof. Amitabha Mukherjee By: Narendra Roy Roll no: Group:
Natural Language Generation with Tree Conditional Random Fields Wei Lu, Hwee Tou Ng, Wee Sun Lee Singapore-MIT Alliance National University of Singapore.
Peer Review Looking at Texts from a Reader’s Point of View.
Virtual Examples for Text Classification with Support Vector Machines Manabu Sassano Proceedings of the 2003 Conference on Emprical Methods in Natural.
Ganesh J, Soumyajit Ganguly, Manish Gupta, Vasudeva Varma, Vikram Pudi
Short Text Similarity with Word Embedding Date: 2016/03/28 Author: Tom Kenter, Maarten de Rijke Source: CIKM’15 Advisor: Jia-Ling Koh Speaker: Chih-Hsuan.
Word Sense Disambiguation Algorithms in Hindi
University Of Seoul Ubiquitous Sensor Network Lab Query Dependent Pseudo-Relevance Feedback based on Wikipedia 전자전기컴퓨터공학 부 USN 연구실 G
The University of Illinois System in the CoNLL-2013 Shared Task Alla RozovskayaKai-Wei ChangMark SammonsDan Roth Cognitive Computation Group University.
Medical Semantic Similarity with a Neural Language Model Dongfang Xu School of Information Using Skip-gram Model for word embedding.
Intrinsic Subspace Evaluation of Word Embedding Representations Yadollah Yaghoobzadeh and Hinrich Schu ̈ tze Center for Information and Language Processing.
Neural Machine Translation
Generative Adversarial Nets
Deep Learning for Bacteria Event Identification
Guillaume-Alexandre Bilodeau
Deep Compositional Cross-modal Learning to Rank via Local-Global Alignment Xinyang Jiang, Fei Wu, Xi Li, Zhou Zhao, Weiming Lu, Siliang Tang, Yueting.
Article Review Todd Hricik.
Supervised Time Series Pattern Discovery through Local Importance
Natural Language Processing (NLP)
Wei Wei, PhD, Zhanglong Ji, PhD, Lucila Ohno-Machado, MD, PhD
Adversaries.
Introductory Seminar on Research: Fall 2017
Two Discourse Driven Language Models for Semantics
Giuseppe Attardi Dipartimento di Informatica Università di Pisa
Basic Intro Tutorial on Machine Learning and Data Mining
convolutional neural networkS
Distributed Representation of Words, Sentences and Paragraphs
Introduction to Neural Networks
convolutional neural networkS
iSRD Spam Review Detection with Imbalanced Data Distributions
Seminar Topics and Projects
Word embeddings based mapping
CSE 635 Multimedia Information Retrieval
Word embeddings based mapping
Artifacts of Adversarial Examples
View Inter-Prediction GAN: Unsupervised Representation Learning for 3D Shapes by Learning Global Shape Memories to Support Local View Predictions 1,2 1.
Jacob Devlin Ming-Wei Chang Kenton Lee Kristina Toutanova
Earthen Mounds Recognition Using LiDAR Images
Attack and defense on learning-based security system
Natural Language Processing (NLP)
Textual Video Prediction
Adversarial Learning for Security System
CS565: Intelligent Systems and Interfaces
Artificial Intelligence 2004 Speech & Natural Language Processing
Angel A. Cantu, Nami Akazawa Department of Computer Science
Cengizhan Can Phoebe de Nooijer
Bidirectional LSTM-CRF Models for Sequence Tagging
Natural Language Processing (NLP)
Do Better ImageNet Models Transfer Better?
Presentation transcript:

Text Processing Like Humans Do: Visually Attaćking ӓnḓ Shiອlding NLP Systems Șteffԑn Eger, Gözde Gül Şahin, Andrԑas Rücκlé, Ji-Ung ᒷee, ᑕlaựdia Schulz, Mohsԑn Mesgar, Krishῃĸant Swarǹkar, Eḏwin Simpson, Irγna Gurevych Ubiquitous Knowledge Processing Lab AIPHES Research Training Group Technische Universität Darmstadt https://www.ukp.tu-darmstadt.de/ https://www.aiphes.tu-darmstadt.de

Motivation Human vs Machine Text Processing Visual Perturber (VIPER) Making NLP Systems more robust Experiments & Results Recap & Conclusion

Motivatįon

NLP out in the open

NLP out in the open Spamming Domain name spoofing Toxic Comments

NLP out in the open Spamming Domain name spoofing You idiot! You have no idea! Go to hell! Toxic Comments

NLP out in the open Spamming Domain name spoofing You idiot! You have no idea! Go to hell! Toxic Comments

NLP out in the open Spamming Domain name spoofing You idіøƫ! http://wíkipedia.org You idіøƫ! You have no ļḏea! Go to ḥeΙļ! Toxic Comments

NLP out in the open Spamming Domain name spoofing You idіøƫ! http://wíkipedia.org You idіøƫ! You have no ļḏea! Go to ḥeΙļ! Toxic Comments

Humaņ vs Mḁchine ₮ext Proceșsing

Visually Attacking NLP Systems Human Machine You idіøƫ ! You idіøƫ !

Visually Attacking NLP Systems Human Machine You idіøƫ ! You idіøƫ ! You idіøƫ !

Visually Attacking NLP Systems Human Machine You idіøƫ ! You idіøƫ ! You idіøƫ ! i d i o t

Visually Attacking NLP Systems Human Machine You idіøƫ ! You idіøƫ ! You idіøƫ ! i d i o t toxic

Visually Attacking NLP Systems Human Machine You idіøƫ ! You idіøƫ ! i d i ø ƫ 105 100 111 248 427 You idіøƫ ! i d i o t toxic

Visually Attacking NLP Systems Human Machine You idіøƫ ! You idіøƫ ! i d i ø ƫ 105 100 111 248 427 You idіøƫ ! 0.1 . 0.2 0.6 . 0.1 . . . i d i o t toxic

Visually Attacking NLP Systems Human Machine You idіøƫ ! You idіøƫ ! i d i ø ƫ 105 100 111 248 427 You idіøƫ ! 0.1 . 0.2 0.6 . 0.1 . . . i d i o t toxic ? ? ?

Visually Attacking NLP Systems Human Machine You idіøƫ ! You idіøƫ ! i d i ø ƫ 105 100 111 248 427 You idіøƫ ! 0.1 . 0.2 0.6 . 0.1 . . . i d i o t toxic ? ? ?

VIsųal PERturbeґ (VIPER)

Creating Perturbations with VIPER ḁ Character embeddings Use pixel values as initialization Cosine similarity to obtain similar characters a ʂ ᑭ s P

Attacking NLP Systems Test data Use VIPER to perturb characters f u c k i n g p = 0.9 ḟ u c k i n g

Attacking NLP Systems Test data Use VIPER to perturb characters p : probability of perturbing a character Test data f u c k i n g p = 0.9 ḟ u c k i n g

Attacking NLP Systems Test data ? ? ? ? ? ? Use VIPER to perturb characters p : probability of perturbing a character How do state-of-the-art models perform on perturbed test data? Test data f u c k i n g ? ? ? p = 0.9 vs ḟ u c k i n g ? ? ?

Human vs Machine Performance 0% Perturbance: game over man !

Human vs Machine Performance 20% Perturbance: game oveŕ mȃߒ !

Human vs Machine Performance 40% Perturbance: ǥamɜ ŏỽǝʀ ɱaƞ !

Human vs Machine Performance 80% Perturbance: ḡǻmɇ oᶺêr ᶆaƞ !

Human vs Machine Performance 80% Perturbance: ḡǻmɇ oᶺêr ᶆaƞ ! P = 0.8: Human performance ~94% Machine performance ~20-70%

Making NLᑭ Systems more robüsŧ

How to shield against such attacks? Visually Informed Character Embeddings Data Augmentation

How to shield against such attacks? Visually Informed Character Embeddings Data Augmentation

Visually Informed Character Embeddings Visually uninformed Visually informed T h e c a t T h e c a t

Visually Informed Character Embeddings Visually uninformed Visually informed 0.1 . 0.2 0.7 . 0.2 . . . random init T h e c a t T h e c a t

Visually Informed Character Embeddings Visually uninformed Visually informed non-toxic 0.1 . 0.2 0.7 . 0.2 . . . random init T h e c a t T h e c a t

Visually Informed Character Embeddings Visually uninformed Visually informed non-toxic 0.1 . 0.2 0.7 . 0.2 . . . random init pixel images T h e c a t T h e c a t

Visually Informed Character Embeddings Visually uninformed Visually informed non-toxic 0.1 . 0.2 0.7 . 0.2 0.5 . 0.3 0.8 . 0.1 . . . . . . random init pixel images T h e c a t T h e c a t

Visually Informed Character Embeddings Visually uninformed Visually informed non-toxic non-toxic 0.1 . 0.2 0.7 . 0.2 0.5 . 0.3 0.8 . 0.1 . . . . . . random init pixel images T h e c a t T h e c a t

Visually Informed Character Embeddings No random initialization of character embeddings Use concatenated pixel values non-toxic 0.5 . 0.3 0.8 . 0.1 . . . pixel images T h e c a t

Visually Informed Character Embeddings No random initialization of character embeddings Use concatenated pixel values Visual similarities can now be learned during training More likely to generalize better to new characters during testing non-toxic 0.5 . 0.3 0.8 . 0.1 . . . pixel images T h e c a t

How to shield against such attacks? Visually Informed Character Embeddings Data Augmentation

Adversarial Training Training data f u c k i n g

Adversarial Training Training data Enrich training data with perturbations [Goodfellow et al, 2015] p = 0.2 . . . Training data f u c k i n g

Adversarial Training Training data Enrich training data with perturbations [Goodfellow et al, 2015] 0.5 . 0.3 0.8 . 0.1 . . . . . . ḟ u c k i n g p = 0.2 . . . Training data f u c k i n g

Adversarial Training Training data Enrich training data with perturbations [Goodfellow et al, 2015] toxic 0.5 . 0.3 0.8 . 0.1 . . . . . . ḟ u c k i n g p = 0.2 . . . Training data f u c k i n g

Adversarial Training Training data Enrich training data with perturbations [Goodfellow et al, 2015] Seeing perturbed data during training allows the model to recognize it during testing toxic 0.5 . 0.3 0.8 . 0.1 . . . . . . ḟ u c k i n g p = 0.2 . . . Training data f u c k i n g

Exᵽeriments & Results

General Setup ELMo embeddings [Peters et al, 2018]

General Setup ELMo embeddings [Peters et al, 2018] Evaluation on four downstream tasks: Character level: Grapheme to phoneme conversion Word level: PoS Tagging Chunking Sentence level: Toxic comment classification

General Setup ELMo embeddings [Peters et al, 2018] Evaluation on four downstream tasks: Character level: Grapheme to phoneme conversion Word level: PoS Tagging Chunking Sentence level: Toxic comment classification Different embedding spaces for generating perturbed test data

General Setup ELMo embeddings [Peters et al, 2018] Evaluation on four downstream tasks: Character level: Grapheme to phoneme conversion Word level: PoS Tagging Chunking Sentence level: Toxic comment classification Different embedding spaces for generating perturbed test data

Results 20% Perturbance: Visually informed adversarial training game oveŕ mȃߒ ! Pos Tagging Toxic Comment Pos Tagging Toxic Comment Improvement over Visually Uninformed Improvement over Visually Uninformed Probability of Perturbation (P) Probability of Perturbation (P)

Results 40% Perturbance: Visually informed adversarial training ǥamɜ ŏỽǝʀ ɱaƞ ! Pos Tagging Toxic Comment Pos Tagging Toxic Comment Improvement over Visually Uninformed Improvement over Visually Uninformed Probability of Perturbation (P) Probability of Perturbation (P)

Results 80% Perturbance: Visually informed adversarial training ḡǻmɇ oᶺêr ᶆaƞ ! Pos Tagging Toxic Comment Pos Tagging Toxic Comment Improvement over Visually Uninformed Improvement over Visually Uninformed Probability of Perturbation (P) Probability of Perturbation (P)

Visually informed + adversarial training Results Visually informed + adversarial training Pos Tagging Toxic Comment Improvement over Visually Uninformed Probability of Perturbation (P)

Recap Machine i d і ø ƫ toxic

Recap Machine Data Augmentation i d і ø ƫ Training data toxic

Machine Recap Data Augmentation Visual Information ḟ toxic i d і ø ƫ Training data ḟ toxic

So doeʂ ⅰt heΙp ?

ỾES! Conclusion We were able to make NLP systems more robust The suggested methods improve the performance on perturbed data Combining visually informed embeddings with adversarial training is very helpful

Thank you for listening! https://github.com/UKPLab/naacl2019-like-humans-visual-attacks

References Frederick Liu, Han Lu, Chieh Lo, and Graham Neubig. 2017. Learning character-level composition-ality with visual features. InProceedings of the 55th Annual Meeting of the Association for Computational Linguistics, ACL 2017, Vancouver, Canada,July 30 - August 4, Volume 1: Long Papers, pages 2059–2068 Matthew Peters, Mark Neumann, Mohit Iyyer, Matt Gardner, Christopher Clark, Kenton Lee, and Luke Zettlemoyer. 2018. Deep contextualized word representations. In Proceedings of the 2018 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (Long Papers), pages 2227–2237. Association for Computational Linguistics. Ian Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and harnessing adversarial examples. In International Conference on Learning Representations.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.