Resilience of Named Entity Recognition models against adversarial attacks

• Autorzy: Walkowiak Paweł

Identyfikatory

DOI

10.24425/ijet.2025.153623

• Języki publikacji: EN

Abstrakty

EN

Adversarial Attacks are actions that aims to mislead models by introducing subtle and often imperceptible changes in model’s input. Providing resilience for such kind of risk is key for all Natural Language Processing (NLP) task specific models. Current state of the art solution for one of NLP task Named Entity Recognition (NER) is usage of transformer based solutions. Previous solution where based on Conditional Random Fields (CRF).This research aims to investigate and compare the robustness of both transformer-based and CRF-based NER models against adversarial attacks. By subjecting these models to carefully crafted perturbations, we seek to understand how well they can withstand attempts to manipulate their input and compromise their performance. This comparative analysis will provide valuable insights into the strengths and weaknesses of each architecture, shedding light on the most effective strategies for enhancing the security and reliability of NER systems.

Słowa kluczowe

EN

Named Entity Recognition; Polish; Adversarial Attacks

• Wydawca: Polish Academy of Sciences, Committee of Electronics and Telecommunication
• Czasopismo: International Journal of Electronics and Telecommunications
• Rocznik: 2025
• Tom: Vol. 71, No. 3
• Strony: 16
• Opis fizyczny: Bibliogr. 19 poz., tab., rys.

Twórcy

autor

Walkowiak Paweł

• Wroclaw University of Science and Technology

Bibliografia

• [1] Y. Wang, T. Sun, S. Li, X. Yuan, W. Ni, E. Hossain, and H. V. Poor, “Adversarial Attacks and Defenses in Machine Learning-Powered Networks: A Contemporary Survey,” CoRR, vol. abs/2303.06302, 2023.
• [2] I. Keraghel, S. Morbieu, and M. Nadif, “A survey on recent advances in named entity recognition,” CoRR, vol. abs/2401.10825, 2024.
• [3] M. Marcińczuk, J. Kocoń, and M. Oleksy, “Liner2 — a Generic Framework for Named Entity Recognition,” in Proceedings of the 6th Workshop on Balto-Slavic Natural Language Processing. Association for Computational Linguistics, 2017, pp. 86-91.
• [4] D. Jin, Z. Jin, J. T. Zhou, and P. Szolovits, “Is BERT Really Robust? Natural Language Attack on Text Classification and Entailment,” CoRR, vol. abs/1907.11932, 2020. [Online]. Available: http://arxiv.org/abs/1907.11932
• [5] J. Pennington, R. Socher, and C. Manning, “GloVe: Global Vectors for Word Representation,” in Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP). Doha, Qatar: Association for Computational Linguistics, Oct. 2014, pp. 1532-1543.
• [6] N. Reimers and I. Gurevych, “Sentence-BERT: Sentence Embeddings using Siamese BERT-Networks,” in Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing (EMNLP-IJCNLP), K. Inui, J. Jiang, V. Ng, and X. Wan, Eds. Hong Kong, China: Association for Computational Linguistics, Nov. 2019, pp. 3982-3992.
• [7] J. Li, S. Ji, T. Du, B. Li, and T. Wang, “Textbugger: Generating adversarial text against real-world applications,” in 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24-27, 2019. The Internet Society, 2019. [Online]. Available: https://www.ndss-symposium.org/ndss-paper/textbugger-generating-adversarial-text-against-real-world-applications/
• [8] A. Dirkson, S. Verberne, and W. Kraaij, “Breaking BERT: Understanding its Vulnerabilities for Named Entity Recognition through Adversarial Attack,” CoRR, vol. abs/2109.11308, 2021. [Online]. Available: https://arxiv.org/abs/2109.11308
• [9] J. Devlin, M.-W. Chang, K. Lee, and K. Toutanova, “BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding,” in Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (Long and Short Papers), J. Burstein, C. Doran, and T. Solorio, Eds. Minneapolis, Minnesota: Association for Computational Linguistics, Jun. 2019, pp. 4171-4186. [Online]. Available: https://aclanthology.org/N19-1423
• [10] D. Cer, Y. Yang, S.-y. Kong, N. Hua, N. Limtiaco, R. St. John, N. Constant, M. Guajardo-Cespedes, S. Yuan, C. Tar, B. Strope, and R. Kurzweil, “Universal Sentence Encoder for English,” in Proceedings of the 2018 Conference on Empirical Methods in Natural Language Processing: System Demonstrations, E. Blanco and W. Lu, Eds. Brussels, Belgium: Association for Computational Linguistics, Nov. 2018, pp. 169-174.
• [11] W. Simoncini and G. Spanakis, “SeqAttack: On Adversarial Attacks for Named Entity Recognition,” in Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing: System Demonstrations, H. Adel and S. Shi, Eds. Online and Punta Cana, Dominican Republic: Association for Computational Linguistics, Nov. 2021, pp. 308-318.
• [12] J. Morris, E. Lifland, J. Y. Yoo, J. Grigsby, D. Jin, and Y. Qi, “TextAttack: A Framework for Adversarial Attacks, Data Augmentation, and Adversarial Training in NLP,” in Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing: System Demonstrations, 2020, pp. 119-126.
• [13] A. Joulin, E. Grave, P. Bojanowski, and T. Mikolov, “Bag of Tricks for Efficient Text Classification,” in Proceedings of the 15th Conference of the European Chapter of the Association for Computational Linguistics: Volume 2, Short Papers. Association for Computational Linguistics, April 2017, pp. 427-431.
• [14] M. Marcińczuk, J. Koco´n, and M. Janicki, “Liner2 - A Customizable Framework for Proper Names Recognition for Polish,” vol. 467, pp. 231-253, 01 2013.
• [15] B. Broda, M. Marcińczuk, M. Maziarz, A. Radziszewski, and A. Wardyński, “KPWr: Towards a Free Corpus of Polish,” in Proceedings of the Eighth International Conference on Language Resources and Evaluation (LREC’12), N. Calzolari, K. Choukri, T. Declerck, M. U. Doğan, B. Maegaard, J. Mariani, A. Moreno, J. Odijk, and S. Piperidis, Eds. Istanbul, Turkey: European Language Resources Association (ELRA), May 2012, pp. 3218-3222. [Online]. Available: http://www.lrec-conf.org/proceedings/lrec2012/pdf/965 Paper.pdf
• [16] J. Straková, M. Straka, and J. Hajič, “Open-Source Tools for Morphology, Lemmatization, POS Tagging and Named Entity Recognition,” in Proceedings of 52nd Annual Meeting of the Association for Computational Linguistics: System Demonstrations. Baltimore, Maryland: Association for Computational Linguistics, June 2014, pp. 13-18. [Online]. Available: http://www.aclweb.org/anthology/P/P14/P14-5003.pdf
• [17] A. Patejuk and A. Przepiórkowski, “ISOcat Definition of the National Corpus of Polish Tagset,” 01 2010.
• [18] S. Dadas, M. Perelkiewicz, and R. Poswiata, “Pre-training Polish Transformer-Based Language Models at Scale,” in Artificial Intelligence and Soft Computing - 19th International Conference, ICAISC 2020, Zakopane, Poland, Proceedings, Part II, ser. Lecture Notes in Computer Science, vol. 12416. Springer, 2020, pp. 301-314.
• [19] M. Marcińczuk, “CEN,” 2007, CLARIN-PL digital repository. [Online]. Available: http://hdl.handle.net/11321/6

Uwagi

1. Opracowanie rekordu ze środków MNiSW, umowa nr POPUL/SP/0154/2024/02 w ramach programu "Społeczna odpowiedzialność nauki II" - moduł: Popularyzacja nauki (2025).

2. The work was financed as part of the investment: ”CLARIN ERIC - European Research Infrastructure Consortium: Com- mon Language Resources and Technology Infrastructure (pe- riod: 2024-2026) funded by the Polish Ministry of Science and Higher Education (Programme: ”Support for the participation of Polish scientific teams in international research infrastructure projects”), agreement number 2024/WK/01.