Recently, the 29th ACM Conference on Computer and Communications Security (CCS 2022) officially published its list of accepted papers. A paper with Jiawei Liu, a doctoral student in our School's 2020 cohort, as first author was accepted.
The paper is titled "Order-Disorder: Imitation Adversarial Attacks for Black-box Neural Ranking Models", and Wuhan University is the first affiliation. The advisors are Wei Lu (corresponding author), Professor at our School, Xiaozhong Liu (co-corresponding author), Associate Professor at Worcester Polytechnic Institute, and Xiaofeng Wang, Professor at Indiana University. The other contributors to the paper are:
Yangyang Kang, Algorithm Expert of Alibaba DAMO Academy,
Kaisong Song, Algorithm Expert of Alibaba DAMO Academy,
Changlong Sun, Algorithm Expert of Alibaba DAMO Academy, and
Di Tang, Postdoctoral Researcher at Indiana University.
With the introduction and wide application of Transformer-based pre-trained models such as BERT, Transformers have, after deep pre-training and fine-tuning, achieved the best performance in many text ranking tasks. However, neural ranking models inherit the adversarial vulnerabilities of neural networks: a small intentional perturbation (e.g. a few changed pixels in an image, or a few changed characters in a text) may cause large changes in the prediction results. These vulnerabilities might be leveraged by blackhat SEO to defeat better-protected search engines, and in opinion guidance, etc. Previous adversarial attacks mainly focused on deep image ranking systems, text classification and machine translation systems, but the vulnerability of deep text ranking models had not been explored. In addition, ranking systems in real-world settings forbid any form of white-box access, so black-box attacks reveal the weaknesses of a ranking system under conditions close to reality.
This paper proposes a new black-box attack method for deep text ranking systems that uses the transferability of adversarial examples between different neural networks, and it reveals the security vulnerabilities of deep text ranking models. Without any white-box access, the method samples the result lists of the target ranking model to train an imitation model that substitutes for the target, generates adversarial text based on the substitute model, and then transfers that text to the target ranking model to verify the attack's effect. Extensive automatic detection and manual evaluation show that this method can effectively achieve the attack goal in the black-box setting.
With a history of nearly 30 years, ACM CCS has a high reputation in the field of system and network security and has been leading the trend of international information security research. ACM CCS has a Google h5-index of 98, the highest in the field of computer security and cryptography. It is also recognized by the China Computer Federation as an A-level international academic conference on network security, and it is considered one of the top four conferences in the field of network security, together with IEEE S&P, USENIX Security and NDSS.
In 2021, Jiawei Liu published a paper entitled "Time to Transfer: Predicting and Evaluating Machine-Human Chatting Handoff" at AAAI (CCF-A level), a top conference in the field of artificial intelligence.
This is the first time that our School has published papers at CCS and AAAI.
The list of accepted papers: https://www.sigsac.org/ccs/CCS2022/program/accepted-papers.html
Link to the pre-print version of the paper: https://arxiv.org/abs/2209.06506