Advbench

在本文中，我们重新考虑了安全场景中文本对抗样本的研究范式。我们讨论了以前工作中的不足之处，并提出了我们的建议，即对面向安全的对抗NLP (SoadNLP) 的研究应该 :( 1) 评估他们在安全任务上的方法，以证明现实世界的关注点; (2) 考虑现实世界攻击者的目标，而不是开发不切实际的方法。为此，我们首先收集、处理和发布一个安全数据集集合advbench。然后，我们对任务进行了重新调整，并调整了SoadNLP中不同目标的重点。接下来，我们提出了一种基于启发式规则的简单方法，该方法可以轻松实现实际的对抗目标，以模拟现实世界的攻击方法。我们在Advbenchmark上对攻击和防御双方进行了实验。实验结果表明，我们的方法具有较高的实用价值，表明SoadNLP的研究范式可能是从我们的新基准开始的。

In this paper, we reconsider the research paradigm of textual adversarial examples in security scenarios. We discuss the shortcomings of previous works and propose our recommendations: research on security-oriented adversarial NLP (SoadNLP) should (1) evaluate their methods on security tasks to demonstrate real-world concerns; (2) consider the goals of real-world adversaries rather than developing unrealistic approaches. To this end, we first collect, process, and release a security dataset collection named AdvBench. Next, we re-adjust the tasks and refocus the priorities of different objectives in SoadNLP. Subsequently, we propose a simple heuristic rule-based method that can easily achieve practical adversarial goals to simulate real-world attack methods. We conduct experiments on both attack and defense sides using AdvBenchmark. The experimental results demonstrate that our method has high practical value, indicating that the research paradigm of SoadNLP may start from our new benchmark.