WordChange: Adversarial Examples Generation Approach for Chinese Text Classification

As an important carrier for disseminating information in the Internet Age, the text contains a large amount of information. In recent years, adversarial example attacks against text discrete domains have been received widespread attention. Deep neural network (DNN) produces opposite predictions by adding small perturbations to the text data. In this paper, we present "WordChange'': an adversarial examples generation approach for Chinese text classification based on multiple modification strategies, and we evaluate the effectiveness of the method in sentiment analysis dataset and spam dataset. This method effectively locates important word positions by designing a keyword contribution algorithm.We first propose a "word-split'' strategy to substitute keywords thatare designed by the structure and semantic property of Chinese texts. We also first apply "swap'' and "insert'' strategies on Chinese texts to generate adversarial examples. We further discuss the infiuence of multiple Chinese Word Segmentation tools and different text lengths on the proposed method, as well as the diversification of Chinese text modification strategies. Finally, the adversarial texts based on the long short-term memory network (LSTM) can be successfully transferred to other text classifiers and real-world applications.