Institute of Computing Technology, Chinese Academy IR
| PRADA: Practical Black-box Adversarial Attacks against Neural Ranking Models | |
| Wu, Chen1,2; Zhang, Ruqing1,2; Guo, Jiafeng1,2; De Rijke, Maarten3; Fan, Yixing2,4; Cheng, Xueqi2,4 | |
| 2023-10-01 | |
| 发表期刊 | ACM TRANSACTIONS ON INFORMATION SYSTEMS
 |
| ISSN | 1046-8188 |
| 卷号 | 41期号:4页码:27 |
| 摘要 | Neural ranking models (NRMs) have shown remarkable success in recent years, especially with pre-trained language models. However, deep neural models are notorious for their vulnerability to adversarial examples. Adversarial attacks may become a new type of web spamming technique given our increased reliance on neural information retrieval models. Therefore, it is important to study potential adversarial attacks to identify vulnerabilities of NRMs before they are deployed. In this article, we introduce the Word Substitution Ranking Attack (WSRA) task against NRMs, which aims at promoting a target document in rankings by adding adversarial perturbations to its text. We focus on the decision-based black-box attack setting, where the attackers cannot directly get access to the model information, but can only query the target model to obtain the rank positions of the partial retrieved list. This attack setting is realistic in real-world search engines. We propose a novel Pseudo Relevance-based ADversarial ranking Attack method (PRADA) that learns a surrogate model based on Pseudo Relevance Feedback (PRF) to generate gradients for finding the adversarial perturbations. Experiments on two web search benchmark datasets show that PRADA can outperform existing attack strategies and successfully fool the NRM with small indiscernible perturbations of text. |
| 关键词 | Adversarial attack decision-based black-box attack setting neural ranking models |
| DOI | 10.1145/3576923 |
| 收录类别 | SCI |
| 语种 | 英语 |
| 资助项目 | National Natural Science Foundation of China (NSFC)[62006218] ; National Natural Science Foundation of China (NSFC)[61902381] ; Youth Innovation Promotion Association CAS[20144310] ; Youth Innovation Promotion Association CAS[2021100] ; Young Elite Scientist Sponsorship Program by CAST[YESS20200121] ; Lenovo-CAS Joint Lab Youth Scientist Project ; Hybrid Intelligence Center, a 10-year program - Dutch Ministry of Education, Culture and Science through the Netherlands Organisation for Scientific Research |
| WOS研究方向 | Computer Science |
| WOS类目 | Computer Science, Information Systems |
| WOS记录号 | WOS:001068685300008 |
| 出版者 | ASSOC COMPUTING MACHINERY |
| 引用统计 | |
| 文献类型 | 期刊论文 |
| 条目标识符 | http://119.78.100.204/handle/2XEOYT63/21124 |
| 专题 | 中国科学院计算技术研究所期刊论文_英文 |
| 通讯作者 | Guo, Jiafeng |
| 作者单位 | 1.Inst Comp Technol Acad Sci, Beijing, Peoples R China 2.Univ Chinese Acad Sci, 6 Kexueyuan South Rd, Beijing 100190, Peoples R China 3.Univ Amsterdam, NL-1012WX Amsterdam, Netherlands 4.Chinese Acad Sci, Inst Comp Technol, Beijing, Peoples R China |
| 推荐引用方式 GB/T 7714 | Wu, Chen,Zhang, Ruqing,Guo, Jiafeng,et al. PRADA: Practical Black-box Adversarial Attacks against Neural Ranking Models[J]. ACM TRANSACTIONS ON INFORMATION SYSTEMS,2023,41(4):27. |
| APA | Wu, Chen,Zhang, Ruqing,Guo, Jiafeng,De Rijke, Maarten,Fan, Yixing,&Cheng, Xueqi.(2023).PRADA: Practical Black-box Adversarial Attacks against Neural Ranking Models.ACM TRANSACTIONS ON INFORMATION SYSTEMS,41(4),27. |
| MLA | Wu, Chen,et al."PRADA: Practical Black-box Adversarial Attacks against Neural Ranking Models".ACM TRANSACTIONS ON INFORMATION SYSTEMS 41.4(2023):27. |
| 条目包含的文件 | 条目无相关文件。 | |||||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论