Presentation is loading. Please wait.

Presentation is loading. Please wait.

Text Processing Like Humans Do:

Published byBruno Juneau Modified over 5 years ago

Similar presentations

Presentation on theme: "Text Processing Like Humans Do:"— Presentation transcript:

1 Text Processing Like Humans Do:
Visually Attaćking ӓnḓ Shiອlding NLP Systems Șteffԑn Eger, Gözde Gül Şahin, Andrԑas Rücκlé, Ji-Ung ᒷee, ᑕlaựdia Schulz, Mohsԑn Mesgar, Krishῃĸant Swarǹkar, Eḏwin Simpson, Irγna Gurevych Ubiquitous Knowledge Processing Lab AIPHES Research Training Group Technische Universität Darmstadt

2 Motivation Human vs Machine Text Processing Visual Perturber (VIPER) Making NLP Systems more robust Experiments & Results Recap & Conclusion

3 Motivatįon

4 NLP out in the open

5 NLP out in the open Spamming Domain name spoofing Toxic Comments

6 NLP out in the open Spamming Domain name spoofing You idiot!
You have no idea! Go to hell! Toxic Comments

7 NLP out in the open Spamming Domain name spoofing You idiot!
You have no idea! Go to hell! Toxic Comments

8 NLP out in the open Spamming Domain name spoofing You idіøƫ!
You idіøƫ! You have no ļḏea! Go to ḥeΙļ! Toxic Comments

9 NLP out in the open Spamming Domain name spoofing You idіøƫ!
You idіøƫ! You have no ļḏea! Go to ḥeΙļ! Toxic Comments

10 Humaņ vs Mḁchine ₮ext Proceșsing

11 Visually Attacking NLP Systems
Human Machine You idіøƫ ! You idіøƫ !

12 Visually Attacking NLP Systems
Human Machine You idіøƫ ! You idіøƫ ! You idіøƫ !

13 Visually Attacking NLP Systems
Human Machine You idіøƫ ! You idіøƫ ! You idіøƫ ! i d i o t

14 Visually Attacking NLP Systems
Human Machine You idіøƫ ! You idіøƫ ! You idіøƫ ! i d i o t toxic

15 Visually Attacking NLP Systems
Human Machine You idіøƫ ! You idіøƫ ! i d i ø ƫ You idіøƫ ! i d i o t toxic

16 Visually Attacking NLP Systems
Human Machine You idіøƫ ! You idіøƫ ! i d i ø ƫ You idіøƫ ! 0.1 . 0.2 0.6 . 0.1 i d i o t toxic

17 Visually Attacking NLP Systems
Human Machine You idіøƫ ! You idіøƫ ! i d i ø ƫ You idіøƫ ! 0.1 . 0.2 0.6 . 0.1 i d i o t toxic ? ? ?

18 Visually Attacking NLP Systems
Human Machine You idіøƫ ! You idіøƫ ! i d i ø ƫ You idіøƫ ! 0.1 . 0.2 0.6 . 0.1 i d i o t toxic ? ? ?

19 VIsųal PERturbeґ (VIPER)

20 Creating Perturbations with VIPER
Character embeddings Use pixel values as initialization Cosine similarity to obtain similar characters a ʂ s P

21 Attacking NLP Systems Test data Use VIPER to perturb characters
f u c k i n g p = 0.9 ḟ u c k i n g

22 Attacking NLP Systems Test data Use VIPER to perturb characters
p : probability of perturbing a character Test data f u c k i n g p = 0.9 ḟ u c k i n g

23 Attacking NLP Systems Test data ? ? ? ? ? ?
Use VIPER to perturb characters p : probability of perturbing a character How do state-of-the-art models perform on perturbed test data? Test data f u c k i n g ? ? ? p = 0.9 vs ḟ u c k i n g ? ? ?

24 Human vs Machine Performance
0% Perturbance: game over man !

25 Human vs Machine Performance
20% Perturbance: game oveŕ mȃߒ !

26 Human vs Machine Performance
40% Perturbance: ǥamɜ ŏỽǝʀ ɱaƞ !

27 Human vs Machine Performance
80% Perturbance: ḡǻmɇ oᶺêr ᶆaƞ !

28 Human vs Machine Performance
80% Perturbance: ḡǻmɇ oᶺêr ᶆaƞ ! P = 0.8: Human performance ~94% Machine performance ~20-70%

29 Making NLᑭ Systems more robüsŧ

30 How to shield against such attacks?
Visually Informed Character Embeddings Data Augmentation

31 How to shield against such attacks?
Visually Informed Character Embeddings Data Augmentation

32 Visually Informed Character Embeddings
Visually uninformed Visually informed T h e c a t T h e c a t

33 Visually Informed Character Embeddings
Visually uninformed Visually informed 0.1 . 0.2 0.7 . 0.2 random init T h e c a t T h e c a t

34 Visually Informed Character Embeddings
Visually uninformed Visually informed non-toxic 0.1 . 0.2 0.7 . 0.2 random init T h e c a t T h e c a t

35 Visually Informed Character Embeddings
Visually uninformed Visually informed non-toxic 0.1 . 0.2 0.7 . 0.2 random init pixel images T h e c a t T h e c a t

36 Visually Informed Character Embeddings
Visually uninformed Visually informed non-toxic 0.1 . 0.2 0.7 . 0.2 0.5 . 0.3 0.8 . 0.1 random init pixel images T h e c a t T h e c a t

37 Visually Informed Character Embeddings
Visually uninformed Visually informed non-toxic non-toxic 0.1 . 0.2 0.7 . 0.2 0.5 . 0.3 0.8 . 0.1 random init pixel images T h e c a t T h e c a t

38 Visually Informed Character Embeddings
No random initialization of character embeddings Use concatenated pixel values non-toxic 0.5 . 0.3 0.8 . 0.1 pixel images T h e c a t

39 Visually Informed Character Embeddings
No random initialization of character embeddings Use concatenated pixel values Visual similarities can now be learned during training More likely to generalize better to new characters during testing non-toxic 0.5 . 0.3 0.8 . 0.1 pixel images T h e c a t

40 How to shield against such attacks?
Visually Informed Character Embeddings Data Augmentation

41 Adversarial Training Training data f u c k i n g

42 Adversarial Training Training data
Enrich training data with perturbations [Goodfellow et al, 2015] p = 0.2 Training data f u c k i n g

43 Adversarial Training Training data
Enrich training data with perturbations [Goodfellow et al, 2015] 0.5 . 0.3 0.8 . 0.1 ḟ u c k i n g p = 0.2 Training data f u c k i n g

44 Adversarial Training Training data
Enrich training data with perturbations [Goodfellow et al, 2015] toxic 0.5 . 0.3 0.8 . 0.1 ḟ u c k i n g p = 0.2 Training data f u c k i n g

45 Adversarial Training Training data
Enrich training data with perturbations [Goodfellow et al, 2015] Seeing perturbed data during training allows the model to recognize it during testing toxic 0.5 . 0.3 0.8 . 0.1 ḟ u c k i n g p = 0.2 Training data f u c k i n g

46 Exᵽeriments & Results

47 General Setup ELMo embeddings [Peters et al, 2018]

48 General Setup ELMo embeddings [Peters et al, 2018]
Evaluation on four downstream tasks: Character level: Grapheme to phoneme conversion Word level: PoS Tagging Chunking Sentence level: Toxic comment classification

49 General Setup ELMo embeddings [Peters et al, 2018]
Evaluation on four downstream tasks: Character level: Grapheme to phoneme conversion Word level: PoS Tagging Chunking Sentence level: Toxic comment classification Different embedding spaces for generating perturbed test data

50 General Setup ELMo embeddings [Peters et al, 2018]
Evaluation on four downstream tasks: Character level: Grapheme to phoneme conversion Word level: PoS Tagging Chunking Sentence level: Toxic comment classification Different embedding spaces for generating perturbed test data

51 Results 20% Perturbance: Visually informed adversarial training
game oveŕ mȃߒ ! Pos Tagging Toxic Comment Pos Tagging Toxic Comment Improvement over Visually Uninformed Improvement over Visually Uninformed Probability of Perturbation (P) Probability of Perturbation (P)

52 Results 40% Perturbance: Visually informed adversarial training
ǥamɜ ŏỽǝʀ ɱaƞ ! Pos Tagging Toxic Comment Pos Tagging Toxic Comment Improvement over Visually Uninformed Improvement over Visually Uninformed Probability of Perturbation (P) Probability of Perturbation (P)

53 Results 80% Perturbance: Visually informed adversarial training
ḡǻmɇ oᶺêr ᶆaƞ ! Pos Tagging Toxic Comment Pos Tagging Toxic Comment Improvement over Visually Uninformed Improvement over Visually Uninformed Probability of Perturbation (P) Probability of Perturbation (P)

54 Visually informed + adversarial training
Results Visually informed + adversarial training Pos Tagging Toxic Comment Improvement over Visually Uninformed Probability of Perturbation (P)

55 Recap Machine i d і ø ƫ toxic

56 Recap Machine Data Augmentation i d і ø ƫ Training data toxic

57 Machine Recap Data Augmentation Visual Information ḟ toxic i d і ø ƫ
Training data toxic

58 So doeʂ ⅰt heΙp ?

59 ỾES! Conclusion We were able to make NLP systems more robust
The suggested methods improve the performance on perturbed data Combining visually informed embeddings with adversarial training is very helpful

60 Thank you for listening!

61 References Frederick Liu, Han Lu, Chieh Lo, and Graham Neubig Learning character-level composition-ality with visual features. InProceedings of the 55th Annual Meeting of the Association for Computational Linguistics, ACL 2017, Vancouver, Canada,July 30 - August 4, Volume 1: Long Papers, pages 2059–2068 Matthew Peters, Mark Neumann, Mohit Iyyer, Matt Gardner, Christopher Clark, Kenton Lee, and Luke Zettlemoyer Deep contextualized word representations. In Proceedings of the 2018 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (Long Papers), pages 2227–2237. Association for Computational Linguistics. Ian Goodfellow, Jonathon Shlens, and Christian Szegedy Explaining and harnessing adversarial examples. In International Conference on Learning Representations.

Download ppt "Text Processing Like Humans Do:"

Similar presentations

Yansong Feng and Mirella Lapata

Yansong Feng and Mirella Lapata
Linking Entities in #Microposts ROMIL BANSAL, SANDEEP PANEM, PRIYA RADHAKRISHNAN, MANISH GUPTA, VASUDEVA VARMA INTERNATIONAL INSTITUTE OF INFORMATION TECHNOLOGY,

Linking Entities in #Microposts ROMIL BANSAL, SANDEEP PANEM, PRIYA RADHAKRISHNAN, MANISH GUPTA, VASUDEVA VARMA INTERNATIONAL INSTITUTE OF INFORMATION TECHNOLOGY,
Proceedings of the Conference on Intelligent Text Processing and Computational Linguistics (CICLing-2007) Learning for Semantic Parsing Advisor: Hsin-His.

Proceedings of the Conference on Intelligent Text Processing and Computational Linguistics (CICLing-2007) Learning for Semantic Parsing Advisor: Hsin-His.
Matthias Wimmer, Ursula Zucker and Bernd Radig Chair for Image Understanding Computer Science Technische Universität München { wimmerm, zucker, radig

Matthias Wimmer, Ursula Zucker and Bernd Radig Chair for Image Understanding Computer Science Technische Universität München { wimmerm, zucker, radig
Fabio Massimo Zanzotto and Danilo Croce University of Rome “Tor Vergata” Roma, Italy Reading what Machines ‘Think’

Fabio Massimo Zanzotto and Danilo Croce University of Rome “Tor Vergata” Roma, Italy Reading what Machines ‘Think’
© author(s) of these slides including research results from the KOM research network and TU Darmstadt; otherwise it is specified at the respective slide.

© author(s) of these slides including research results from the KOM research network and TU Darmstadt; otherwise it is specified at the respective slide.
Data Mining and Machine Learning Lab Document Clustering via Matrix Representation Xufei Wang, Jiliang Tang and Huan Liu Arizona State University.

Data Mining and Machine Learning Lab Document Clustering via Matrix Representation Xufei Wang, Jiliang Tang and Huan Liu Arizona State University.
Do Supervised Distributional Methods Really Learn Lexical Inference Relations? Omer Levy Ido Dagan Bar-Ilan University Israel Steffen Remus Chris Biemann.

Do Supervised Distributional Methods Really Learn Lexical Inference Relations? Omer Levy Ido Dagan Bar-Ilan University Israel Steffen Remus Chris Biemann.
Andrew Ng CS228: Deep Learning & Unsupervised Feature Learning Andrew Ng TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.:

Andrew Ng CS228: Deep Learning & Unsupervised Feature Learning Andrew Ng TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.:
Lecture 1, 7/21/2005Natural Language Processing1 CS60057 Speech &Natural Language Processing Autumn 2005 Lecture 1 21 July 2005.

Lecture 1, 7/21/2005Natural Language Processing1 CS60057 Speech &Natural Language Processing Autumn 2005 Lecture 1 21 July 2005.
TransRank: A Novel Algorithm for Transfer of Rank Learning Depin Chen, Jun Yan, Gang Wang et al. University of Science and Technology of China, USTC Machine.

TransRank: A Novel Algorithm for Transfer of Rank Learning Depin Chen, Jun Yan, Gang Wang et al. University of Science and Technology of China, USTC Machine.
Translated Learning Wenyuan Dai, Yuqiang Chen, Gui-Rong Xue, Qiang Yang, and Yong Yu. Translated Learning. In Proceedings of Twenty- Second Annual Conference.

Translated Learning Wenyuan Dai, Yuqiang Chen, Gui-Rong Xue, Qiang Yang, and Yong Yu. Translated Learning. In Proceedings of Twenty- Second Annual Conference.
Object Bank Presenter : Liu Changyu Advisor : Prof. Alex Hauptmann Interest : Multimedia Analysis April 4 th, 2013.

Object Bank Presenter : Liu Changyu Advisor : Prof. Alex Hauptmann Interest : Multimedia Analysis April 4 th, 2013.
Part-Of-Speech Tagging using Neural Networks Ankur Parikh LTRC IIIT Hyderabad

Part-Of-Speech Tagging using Neural Networks Ankur Parikh LTRC IIIT Hyderabad
A Weakly-Supervised Approach to Argumentative Zoning of Scientific Documents Yufan Guo Anna Korhonen Thierry Poibeau 1 Review By: Pranjal Singh 10511 Paper.

A Weakly-Supervised Approach to Argumentative Zoning of Scientific Documents Yufan Guo Anna Korhonen Thierry Poibeau 1 Review By: Pranjal Singh Paper.
Ranking and Classifying Attractiveness of Photos in Folksonomies Jose San Pedro and Stefan Siersdorfer University of Sheffield, L3S Research Center WWW.

Ranking and Classifying Attractiveness of Photos in Folksonomies Jose San Pedro and Stefan Siersdorfer University of Sheffield, L3S Research Center WWW.
Learning to Link with Wikipedia David Milne and Ian H. Witten Department of Computer Science, University of Waikato CIKM 2008 (Best Paper Award) Presented.

Learning to Link with Wikipedia David Milne and Ian H. Witten Department of Computer Science, University of Waikato CIKM 2008 (Best Paper Award) Presented.
October 2005CSA3180 NLP1 CSA3180 Natural Language Processing Introduction and Course Overview.

October 2005CSA3180 NLP1 CSA3180 Natural Language Processing Introduction and Course Overview.
Computational Linguistics. The Subject Computational Linguistics is a branch of linguistics that concerns with the statistical and rule-based natural.

Computational Linguistics. The Subject Computational Linguistics is a branch of linguistics that concerns with the statistical and rule-based natural.
April 2014 SEWM 20141 Event Detection from Social Media: User-centric Parallel Split-n-merge and Composite Kernel  Truc-Vien T. Nguyen, Lugano University,

April 2014 SEWM Event Detection from Social Media: User-centric Parallel Split-n-merge and Composite Kernel  Truc-Vien T. Nguyen, Lugano University,

Similar presentations

Ads by Google