Adversarial Stylometry in the Wild: Transferable Lexical Substitution Attacks on Author Profiling

Chris Emmery; Ákos Kádár; Grzegorz Chrupała

doi:10.18653/v1/2021.eacl-main.203

Adversarial Stylometry in the Wild: Transferable Lexical Substitution Attacks on Author Profiling

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

Abstract

Written language contains stylistic cues that can be exploited to automatically infer a variety of potentially sensitive author information. Adversarial stylometry intends to attack such models by rewriting an author’s text. Our re-search proposes several components to facilitate deployment of these adversarial attacks in the wild, where neither data nor target models are accessible. We introduce a transformer-based extension of a lexical replacement attack, and show it achieves high transferability when trained on a weakly labeled corpus--decreasing target model performance below chance. While not completely inconspicuous, our more successful attacks also prove notably less detectable by humans. Our framework therefore provides a promising direction for future privacy-preserving adversarial attacks.

Original language	English
Title of host publication	Proceedings of the 16th Conference of the European Chapter of the Association for Computational Linguistics: Volume 1, Long Papers
Place of Publication	Kyiv, Ukraine
Publisher	Association for Computational Linguistics
Pages	2388-2402
Number of pages	14
DOIs	https://doi.org/10.18653/v1/2021.eacl-main.203
Publication status	Published - 15 Apr 2021
Event	The 16th Conference of the European Chapter of the Association for Computational Linguistics - Kyiv, Ukraine Duration: 19 Apr 2021 → 23 Apr 2021 Conference number: 16 https://2021.eacl.org/

Conference

Conference	The 16th Conference of the European Chapter of the Association for Computational Linguistics
Abbreviated title	EACL 2021
Country/Territory	Ukraine
City	Kyiv
Period	19/04/21 → 23/04/21
Internet address	https://2021.eacl.org/

Access to Document

10.18653/v1/2021.eacl-main.203Licence: CC BY

https://doi.org/10.48550/arXiv.2101.11310Licence: CC BY-NC-SA

Cite this

Emmery, C., Kádár, Á., & Chrupała, G. (2021). Adversarial Stylometry in the Wild: Transferable Lexical Substitution Attacks on Author Profiling. In Proceedings of the 16th Conference of the European Chapter of the Association for Computational Linguistics: Volume 1, Long Papers (pp. 2388-2402). Association for Computational Linguistics. https://doi.org/10.18653/v1/2021.eacl-main.203

@inproceedings{708ebcff3bc14e64951b7cf24ae68e4a,

title = "Adversarial Stylometry in the Wild: Transferable Lexical Substitution Attacks on Author Profiling",

abstract = "Written language contains stylistic cues that can be exploited to automatically infer a variety of potentially sensitive author information. Adversarial stylometry intends to attack such models by rewriting an author{\textquoteright}s text. Our re-search proposes several components to facilitate deployment of these adversarial attacks in the wild, where neither data nor target models are accessible. We introduce a transformer-based extension of a lexical replacement attack, and show it achieves high transferability when trained on a weakly labeled corpus--decreasing target model performance below chance. While not completely inconspicuous, our more successful attacks also prove notably less detectable by humans. Our framework therefore provides a promising direction for future privacy-preserving adversarial attacks.",

author = "Chris Emmery and {\'A}kos K{\'a}d{\'a}r and Grzegorz Chrupa{\l}a",

year = "2021",

month = apr,

day = "15",

doi = "10.18653/v1/2021.eacl-main.203",

language = "English",

pages = "2388--2402",

booktitle = "Proceedings of the 16th Conference of the European Chapter of the Association for Computational Linguistics: Volume 1, Long Papers",

publisher = "Association for Computational Linguistics",

note = "The 16th Conference of the European Chapter of the Association for Computational Linguistics, EACL 2021 ; Conference date: 19-04-2021 Through 23-04-2021",

url = "https://2021.eacl.org/",

}

Emmery, C, Kádár, Á & Chrupała, G 2021, Adversarial Stylometry in the Wild: Transferable Lexical Substitution Attacks on Author Profiling. in Proceedings of the 16th Conference of the European Chapter of the Association for Computational Linguistics: Volume 1, Long Papers. Association for Computational Linguistics, Kyiv, Ukraine, pp. 2388-2402, The 16th Conference of the European Chapter of the Association for Computational Linguistics, Kyiv, Ukraine, 19/04/21. https://doi.org/10.18653/v1/2021.eacl-main.203

Adversarial Stylometry in the Wild: Transferable Lexical Substitution Attacks on Author Profiling. / Emmery, Chris; Kádár, Ákos; Chrupała, Grzegorz.
Proceedings of the 16th Conference of the European Chapter of the Association for Computational Linguistics: Volume 1, Long Papers. Kyiv, Ukraine: Association for Computational Linguistics, 2021. p. 2388-2402.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Adversarial Stylometry in the Wild

T2 - The 16th Conference of the European Chapter of the Association for Computational Linguistics

AU - Emmery, Chris

AU - Kádár, Ákos

AU - Chrupała, Grzegorz

N1 - Conference code: 16

PY - 2021/4/15

Y1 - 2021/4/15

N2 - Written language contains stylistic cues that can be exploited to automatically infer a variety of potentially sensitive author information. Adversarial stylometry intends to attack such models by rewriting an author’s text. Our re-search proposes several components to facilitate deployment of these adversarial attacks in the wild, where neither data nor target models are accessible. We introduce a transformer-based extension of a lexical replacement attack, and show it achieves high transferability when trained on a weakly labeled corpus--decreasing target model performance below chance. While not completely inconspicuous, our more successful attacks also prove notably less detectable by humans. Our framework therefore provides a promising direction for future privacy-preserving adversarial attacks.

AB - Written language contains stylistic cues that can be exploited to automatically infer a variety of potentially sensitive author information. Adversarial stylometry intends to attack such models by rewriting an author’s text. Our re-search proposes several components to facilitate deployment of these adversarial attacks in the wild, where neither data nor target models are accessible. We introduce a transformer-based extension of a lexical replacement attack, and show it achieves high transferability when trained on a weakly labeled corpus--decreasing target model performance below chance. While not completely inconspicuous, our more successful attacks also prove notably less detectable by humans. Our framework therefore provides a promising direction for future privacy-preserving adversarial attacks.

UR - https://github.com/cmry/reap

U2 - 10.18653/v1/2021.eacl-main.203

DO - 10.18653/v1/2021.eacl-main.203

M3 - Conference contribution

SP - 2388

EP - 2402

BT - Proceedings of the 16th Conference of the European Chapter of the Association for Computational Linguistics: Volume 1, Long Papers

PB - Association for Computational Linguistics

CY - Kyiv, Ukraine

Y2 - 19 April 2021 through 23 April 2021

ER -

Emmery C, Kádár Á, Chrupała G. Adversarial Stylometry in the Wild: Transferable Lexical Substitution Attacks on Author Profiling. In Proceedings of the 16th Conference of the European Chapter of the Association for Computational Linguistics: Volume 1, Long Papers. Kyiv, Ukraine: Association for Computational Linguistics. 2021. p. 2388-2402 Epub 2021 Jan 27. doi: 10.18653/v1/2021.eacl-main.203

Adversarial Stylometry in the Wild: Transferable Lexical Substitution Attacks on Author Profiling

Abstract

Conference

Access to Document

Other files and links

Fingerprint

Cite this