Domain adaptation for textual adversarial defense via prompt-tuning

Most existing systems based on deep learning are vulnerable to adversarial attacks, i.e., strategically modified samples. These samples are generated by some imperceptible perturbations on different levels (sentence/word/character), which can fool deep models to give erroneous predictions. Recently, fine-tuning Pre-trained Language Models (PLMs) methods have achieved tremendous success in a series of downstream Natural Language Processing (NLP) tasks. However, recent studies indicate these methods need extensive adversarial examples for fine-tuning. In this paper, we propose a novel domain adaptation method for textual adversarial defense via prompt-tuning. Our method simulates original and adversarial text using source and target domains, then employs a prompt-tuning model to minimize domain deviations, treating textual adversarial defense as a cross-domain text classification task. To avoid noise and high time complexity from introducing external knowledge, we extract knowledge from the target domain and use hierarchical clustering and optimization strategies to fine-tune expansion words for the verbalizer in prompt-tuning. Experimental results show that the obvious improvement is obtained compared with other SOTA PLMs methods on textual adversarial defense.