Visage: Visual-Aware Generation of Adversarial Examples in Black-Box for Text Classification

Text Classification (TC), as a fundamental task in the Natural Language Process (NLP), plays an important role in many areas. However, adversarial examples (AEs) that adding small perturbations on the input text samples poses a serious challenge for TC. One key characteristic of AEs in the context of NLP is the visual consistency, attackers generally keep AEs similar to the original text sample in visual to facilitate user understanding. In this paper, we introduce an effective blackbox method Visage to generate AEs by considering the perspective of users. Specifically, Visage calculates the importance of words in the input text sample and modifies them by using similar characters in visual to generate AEs. Visage provides AEs for adversarial training and improves the robustness of TC. Extensive experiments show that AEs generated by Visage can effectively reduce the accuracy of victim models which outperforms related works by 22.95% on average. Furthermore, adding AEs generated by Visage in training datasets for adversarial training can improve the robustness by 19.5%.