Tamp-X: Attacking explainable natural language classifiers through tampered activations
Author | Ali, Hassan |
Author | Khan, Muhammad Suleman |
Author | Al-Fuqaha, Ala |
Author | Qadir, Junaid |
Available date | 2023-07-13T05:40:52Z |
Publication Date | 2022 |
Publication Name | Computers and Security |
Resource | Scopus |
ISSN | 1674048 |
Abstract | While the technique of Deep Neural Networks (DNNs) has been instrumental in achieving state-of-the-art results for various Natural Language Processing (NLP) tasks, recent works have shown that the decisions made by DNNs cannot always be trusted. Recently Explainable Artificial Intelligence (XAI) methods have been proposed as a method for increasing DNN's reliability and trustworthiness. These XAI methods are however open to attack and can be manipulated in both white-box (gradient-based) and black-box (perturbation-based) scenarios. Exploring novel techniques to attack and robustify these XAI methods is crucial to fully understand these vulnerabilities. In this work, we propose Tamp-X-a novel attack which tampers the activations of robust NLP classifiers forcing the state-of-the-art white-box and black-box XAI methods to generate misrepresented explanations. To the best of our knowledge, in current NLP literature, we are the first to attack both the white-box and the black-box XAI methods simultaneously. We quantify the reliability of explanations based on three different metrics-the descriptive accuracy, the cosine similarity, and the Lp norms of the explanation vectors. Through extensive experimentation, we show that the explanations generated for the tampered classifiers are not reliable, and significantly disagree with those generated for the untampered classifiers despite that the output decisions of tampered and untampered classifiers are almost always the same. Additionally, we study the adversarial robustness of the tampered NLP classifiers, and find out that the tampered classifiers which are harder to explain for the XAI methods, are also harder to attack by the adversarial attackers. 2022 The Author(s) |
Sponsor | This publication was made possible by NPRP grant # [13S-0206-200273] from the Qatar National Research Fund (a member of Qatar Foundation). The statements made herein are solely the responsibility of the authors. Open Access funding is provided by the Qatar National Library. This document is the result of the research project funded by the Qatar National Research Fund (a member of Qatar Foundation) |
Language | en |
Publisher | Elsevier |
Subject | Adversarial attacks Attacking XAI Explainable artificial intelligence (XAI) Model tampering Natural language processing |
Type | Article |
Volume Number | 120 |
Check access options
Files in this item
This item appears in the following Collection(s)
-
Computer Science & Engineering [2402 items ]