PRADA: Practical Black-box Adversarial Attacks against Neural Ranking Models
文献类型:期刊论文
| 作者 | Wu, Chen2,3; Zhang, Ruqing2,3; Guo, Jiafeng2,3; De Rijke, Maarten1; Fan, Yixing3,4; Cheng, Xueqi3,4 |
| 刊名 | ACM TRANSACTIONS ON INFORMATION SYSTEMS
 |
| 出版日期 | 2023-10-01 |
| 卷号 | 41期号:4页码:27 |
| ISSN号 | 1046-8188 |
| 关键词 | Adversarial attack decision-based black-box attack setting neural ranking models |
| DOI | 10.1145/3576923 |
| 英文摘要 | Neural ranking models (NRMs) have shown remarkable success in recent years, especially with pre-trained language models. However, deep neural models are notorious for their vulnerability to adversarial examples. Adversarial attacks may become a new type of web spamming technique given our increased reliance on neural information retrieval models. Therefore, it is important to study potential adversarial attacks to identify vulnerabilities of NRMs before they are deployed. In this article, we introduce the Word Substitution Ranking Attack (WSRA) task against NRMs, which aims at promoting a target document in rankings by adding adversarial perturbations to its text. We focus on the decision-based black-box attack setting, where the attackers cannot directly get access to the model information, but can only query the target model to obtain the rank positions of the partial retrieved list. This attack setting is realistic in real-world search engines. We propose a novel Pseudo Relevance-based ADversarial ranking Attack method (PRADA) that learns a surrogate model based on Pseudo Relevance Feedback (PRF) to generate gradients for finding the adversarial perturbations. Experiments on two web search benchmark datasets show that PRADA can outperform existing attack strategies and successfully fool the NRM with small indiscernible perturbations of text. |
| 资助项目 | National Natural Science Foundation of China (NSFC)[62006218] ; National Natural Science Foundation of China (NSFC)[61902381] ; Youth Innovation Promotion Association CAS[20144310] ; Youth Innovation Promotion Association CAS[2021100] ; Young Elite Scientist Sponsorship Program by CAST[YESS20200121] ; Lenovo-CAS Joint Lab Youth Scientist Project ; Hybrid Intelligence Center, a 10-year program - Dutch Ministry of Education, Culture and Science through the Netherlands Organisation for Scientific Research |
| WOS研究方向 | Computer Science |
| 语种 | 英语 |
| 出版者 | ASSOC COMPUTING MACHINERY |
| WOS记录号 | WOS:001068685300008 |
| 源URL | [http://119.78.100.204/handle/2XEOYT63/21123]  |
| 专题 | 中国科学院计算技术研究所期刊论文_英文 |
| 通讯作者 | Guo, Jiafeng |
| 作者单位 | 1.Univ Amsterdam, NL-1012WX Amsterdam, Netherlands 2.Inst Comp Technol Acad Sci, Beijing, Peoples R China 3.Univ Chinese Acad Sci, 6 Kexueyuan South Rd, Beijing 100190, Peoples R China 4.Chinese Acad Sci, Inst Comp Technol, Beijing, Peoples R China |
| 推荐引用方式 GB/T 7714 | Wu, Chen,Zhang, Ruqing,Guo, Jiafeng,et al. PRADA: Practical Black-box Adversarial Attacks against Neural Ranking Models[J]. ACM TRANSACTIONS ON INFORMATION SYSTEMS,2023,41(4):27. |
| APA | Wu, Chen,Zhang, Ruqing,Guo, Jiafeng,De Rijke, Maarten,Fan, Yixing,&Cheng, Xueqi.(2023).PRADA: Practical Black-box Adversarial Attacks against Neural Ranking Models.ACM TRANSACTIONS ON INFORMATION SYSTEMS,41(4),27. |
| MLA | Wu, Chen,et al."PRADA: Practical Black-box Adversarial Attacks against Neural Ranking Models".ACM TRANSACTIONS ON INFORMATION SYSTEMS 41.4(2023):27. |
入库方式: OAI收割
来源:计算技术研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。