Generating Fluent Chinese Adversarial Examples for Sentiment Classification

Highly accurate classifiers can be trained by existing machine learning models, however, most of these classifiers do not consider the adversarial attack. This makes these classifiers vulnerable to adversarial examples. In order to improve the ability of sentiment classifiers to resist the adversarial attack, it is very important to generate high-quality adversarial examples. Most of the existing methods that generate natural language adversarial examples aim at English text with relatively simple strategies, but a single transformation strategy is easily detected by the defender. In this paper, we propose a new method to generate Chinese natural language adversarial examples, which is called AD-ER (Adversarial Examples with Readability). The first step is to select the important words in the text, which have great impact on the sentiment classifier. Then we proposed four variant strategies to replace the important words and the best candidate word is selected heuristically under the constraints of its readability and maximum entropy model. The simulation results on a real shopping review dataset verify that the examples generated by our method can produce large attack disturbance to the classifiers. Different from other examples, our examples have good readability and diversity, which are more fluent and harder to be detected.