Invariance-based Adversarial Attack on Neural Machine Translation Systems

Abstract--Recently, NLP models have been shown to be susceptible to adversarial attacks. In this paper, we explore adve rsarial attacks on neural machine translation (NMT) systems. Given a sentence in the source language, the goal of the proposed att ack is to change multiple words while ensuring that the predicte d translation remains unchanged. In order to choose the word from the source vocabulary, we propose a soft-attention bas ed technique. The experiments are conducted on two language pa irs: English-German (en-de) and English-French (en-fr) and two state-of-the-art NMT systems: BLSTM-based encoder-decod er with attention and Transformer . The proposed soft-attenti on based technique outperforms existing methods like HotFlip by a significant margin for all the conducted experiments The res ults demonstrate that state-of-the-art NMT systems are unable t o capture the semantics of the source language.