A Robust Adversarial Training Approach to Machine Reading Comprehension

最新推荐文章于 2023-07-11 10:34:51 发布
最新推荐文章于 2023-07-11 10:34:51 发布
阅读量1k 收藏 1
点赞数 1
分类专栏: NLP MRC
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/ganxiwu9686/article/details/105741447
版权
NLP 同时被 2 个专栏收录
68 篇文章 6 订阅
订阅专栏
MRC
26 篇文章 1 订阅
订阅专栏

A Robust Adversarial Training Approach to Machine Reading Comprehension

2020 AAAI 百度,北大,厦大

动机:

同样是针对robustness,one of the most promising ways is to augment the training dataset
Since the types of adversarial examples are innumerable, it is not adequate to manually design

In this paper, we propose a novel robust adversarial training approach to improve the robustness of MRC models in a more generic way.

Specificly, dynamically generates adversarial examples based on the parameters of current model and further trains the model by using the generated examples in an iterative schedule.
it does not require any specification of adversarial attack types

在这里插入图片描述
AddSent:(Jia and Liang 2017) generates the misleading text by modifying the question according to
certain rules and proofreads manually
AddAnsCtx:we generate the misleading text by removing the answer words in answer sentences.

方法:
  1. Takes a well trained MRC model as the adversarial generator, and trains perturbation embedding sequences to minimize output probabilities of real answers
  2. Greedily samples word sequences from perturbation embeddings as misleading texts to create and enrich our adversarial example set.
  3. Trains the MRC model to maximize probabilities of real answers to defend against those adversarial examples.

具体而言:
During the training, we treat the model as a generator and all model parameters are fixed.
the training method only tries to perturb each passage input ep with an additional perturbation embedding sequence.
在这里插入图片描述

k is the insert position index, 随机加入
l is the length of the e’
在这里插入图片描述
对于每个位置i来说,对每个词的权重和为1
在这里插入图片描述
where αij is a trainable parameter for wi

Ques: W和alpha 对不同的样例都是一样的?

在这里插入图片描述
1、To generate misleading answer texts and distract the MRC model,design a cross entropy loss
aims to cheat the model and make the model believe the answer is locating in perturbation embedding sequence

在这里插入图片描述

where sd is the distract answer span located in perturbation embedding sequence.

2、To generate misleading context texts, we design a loss function aims to minimize the model estimation on ground truth span sg
在这里插入图片描述
3、 define our training loss function as: loss越大越难骗过模型;loss越小,噪音越好
在这里插入图片描述
此外,Add a regularization term Rs ,
to control the similarity between perturbation embeddings and questions & answers
在这里插入图片描述
sim(·, ·) is defined as a bag-of-words cosine similarity function:
在这里插入图片描述

最后,
在这里插入图片描述
we repeat the training process for each instance until the loss L is converged or lower than a certain threshold, then return the weight matrix w for further sampling

贪心采样

在这里插入图片描述
We simply sample the maximum weighted

在这里插入图片描述

Therefore, for each instance, generating a misleading text is sampling a max weighted token sequence

Retraining with Adversarial Examples

we enrich training data with sampled adversarial examples and retrain our models on the enriched data
扩充数据
Given a misleading text and its corresponding triple data <q, p, s>, we insert the misleading text A back into its position k of the passage.在这里插入图片描述

整个流程
在这里插入图片描述

实验

Standard SQuAD development set and five different types of adversarial test sets.
在这里插入图片描述
实验设置
• We randomly insert perturbation embedding between sentences, k 不确定的
• We limit the perturbation sequence length l to be 10
• we randomly set λq, λp to be -10 or 10, and set λc to be 0.5.
• And we set sd with random length in the middle of each perturbation embedding.
• we set the threshold as 1.5 and we set the maximum training step as 200 (most training losses tend to be stable (differences are lower than 1e-3) around 200 steps.)
• In training iteration, we set maximum training time T to be 5, trainloss’s stopping threshold yta to be 12.0.
• we randomly sample 5% training data for adversarial training and larger ratios will not provide satisfied performance within a single iteration according to our early experiments.
• After sampling, we retrain MRC models follow the early stopping strategy
• 对每个batch 都会收集local 词表。for each training instance, we utilize a local vocabulary V , in which tokens are mainly related to questions and passages.
• To make the model easier to converge, the vocabulary size is limited to 200.

在这里插入图片描述

结果

在这里插入图片描述

在这里插入图片描述

  • ASD dataset has more overlaps with AS and AA.
  • Our data has a more extensive distribution in the space. Its extensiveness enable itself to cover more types of adversarial examples

Ablation study
在这里插入图片描述
生成的一个结果:

在这里插入图片描述

彭伟_02
关注
  • 1
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 0
    评论
专栏目录
论文《Adversarial Reading Networks For Machine Comprehension
u010995990的博客
03-28 469
综述:文中描述当前阅读理解任务中受限于监督学习设置,以及可用的数据集。这篇论文主要提出关于阅读理解任务中的对抗学习以及self-play.它用一个名为reader network来找到关于text和query的答案,还用一个名为narrator network的网络来混淆text的内容,来降低reader network网络成功的可能性。然后取得了较好的效果。 文章的贡献: ...
基线理解_AAAI 2020论文分享 | 一种提升阅读理解模型鲁棒性的对抗训练方法
weixin_39774556的博客
12-24 143
本文对百度NLP入选AAAI 2020的机器阅读理解领域入选论文《A Robust Adversarial Training Approach to Machine Reading Comprehension》进行详细解读,该论文讨论了机器阅读理解模型面临对抗攻击时的效果鲁棒性问题。一、研究动机机器阅读理解技术是自然语言处理领域的热门方向,该技术可以使计算机具备从文本数据中获取知识并回答问题的能力...
论文解读:Improving the robustness of machine reading comprehension model with hierarchical knowledge and
夏栀的博客
12-21 505
论文解读:Improving the robustness of machine reading comprehension model with hierarchical knowledge and auxiliary unanswerability prediction 摘要: 先前深度学习方法在MRC任务上均成功应用,但他们普遍脆弱且在给定一些对抗噪声时不鲁棒。为了提升MRC,我们通过引入额外知识库的信息增强模型的表征能力,其次引入辅助不可回答预测模块并使用监督类的多任务学习来进行抽取式答案区间预测。
CVPR 2018paper: DeepDefense: Training Deep Neural Networks with Improved Robustness第一讲
weixin_30374009的博客
03-04 168
前言:好久不见了,最近一直瞎忙活,博客好久都没有更新了,表示道歉。希望大家在新的一年中工作顺利,学业进步,共勉! 今天我们介绍深度神经网络的缺点:无论模型有多深,无论是卷积还是RNN,都有的问题:以图像为例,我们人为的加一些东西,然后会急剧的降低网络的分类正确率。比如下图: 在生成对抗样本之后,分类器把alps 以高置信度把它识别成了狗,下面的一幅图,是把puffer 加上一些我们人类可能...
AAAI 2020论文分享 | 一种提升阅读理解模型鲁棒性的对抗训练方法
qq_40247584的博客
03-25 2101
本文对百度NLP入选AAAI 2020的机器阅读理解领域入选论文《A Robust Adversarial Training Approach to Machine Reading Comprehension》进行详细解读,该论文讨论了机器阅读理解模型面临对抗攻击时的效果鲁棒性问题。 一、研究动机 机器阅读理解技术是自然语言处理领域的热门方向,该技术可以使计算机具备从文本数据中获取...
请查收!顶会AAAI 2020录用论文之自然语言处理篇
语言智能技术笔记簿
02-23 1万+
2020年人工智能顶级会议AAAI录用的自然语言处理领域的研究论文已为您准备就绪,请查收!
The right to contest automated decisions under the General Data Protection Regulation: Beyond the so
weixin_42786150的博客
02-28 2374
The right to contest automated decisions under the General Data Protection Regulation: Beyond the so-called “right to explanation
论文阅读汇总(4)-【篇数:50】
scu-liu的博客
07-05 711
本人学习所有系列:汇总帖 这一篇文章作为精读/泛读论文的一个汇总贴。 开始新的100篇~ 1-50:1-50汇总 51-100:51-100汇总 101-150:51-100汇总 20210705- 《Directed Acyclic Graph Network for Conversational Emotion Recognition》 主要内容: 20210705- 《Directed Acyclic Graph Network for Conversational Emotion Reco
论文阅读汇总(1)-【篇数:50】
scu-liu的博客
02-03 3393
这一篇文章作为精读/泛读论文的一个汇总贴。 2021-2-3开始,期待刷到100篇的那一天。 交通大数据 20210203-《Long short-term memory neural network for traffic speed prediction using remote microwave sensor data》 主要内容:利用LSTM NN,先以历史道路速度数据为输入来预测未来的交通速度;然后又以道路速度和交通流量作为输入来预测未来的交通速度。并且通过与多种其他方法进行对比,来展示LST
NLP论文多个领域经典、顶会、必读整理分享及相关解读博客分享
qq_42189083的博客
05-29 2972
持续更新收集*** 1、Bert系列 BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding - NAACL 2019) ERNIE 2.0: A Continual Pre-training Framework for Language Understanding - arXiv 2019) StructBERT: Incorporating Language Structures into
A Robust Minimax Approach to Classification
05-12
很有名的最大最小理论分类,基于马氏距离的,对分类很有好处。
贪心算法、贪心搜索/采样(greedy search/sampling)、集束搜索(beam search)、随机采样(random sample)
最新发布
MOL
07-11 3101
的结果也是最好/最优的解。{看着这个名字,贪心,贪婪这两字的内在含义最为关键。这就好像一个贪婪的人,他事事都想要眼前看到最好的那个,看不到长远的东西,也不为最终的结果和将来着想,贪图眼前局部的利益最大化,有点走一步看一步的感觉。
贪心搜索(greedy search)、集束搜索(beam search)、随机采样(random sample)
jiangchao98的博客
05-24 4556
当我们训练完成一个自然语言生成模型后,需要使用这个模型生成新的语言(句子),如何生成这些句子,使用如下的方法:贪心搜索,集束搜索,随机搜索。 贪心搜索(greedy search)/采样(Sampling) 贪心搜索最为简单,直接选择每个输出的最大概率,直到出现终结符或最大句子长度。 在每个阶段都选择分值最高的项。此方法经常奏效,但显然不是最优的。 ​ 集束搜索(beam search) 集束搜索是一种启发式图搜索算法,在图的解空间比较大的情况下,为了减少搜索所占用的空间和时间,在每一步深度扩展
深度强化学习系列(8): Prioritized Experience Replay(PER-DQN)原理及实现
热门推荐
深度强化学习(DeepRL)探索博客
12-23 1万+
论文地址: https://arxiv.org/abs/1511.05952 本论文是由DeepMind操刀,Schaul主导完成的文章,发表于顶会ICLR2016上,主要解决经验回放中的”采样问题“(在DQN算法中使用了经典的”experience replay“,但存在一个问题是其采用均匀采样和批次更新,导致特别少但价值特别高的经验没有被高效的利用)。 还是往常的学习顺序,先摘要和结论 ...
论文解读:Improving Machine Reading Comprehension with Contextualized Commonsense Knowledge
夏栀的博客
06-11 662
论文解读:Improving Machine Reading Comprehension with Contextualized Commonsense Knowledge 论文下载:https://arxiv.org/pdf/2009.05831v2.pdf   本文旨在从非结构化文本中抽取常识知识,利用语境的常识知识辅助提升MRC 相关工作:   常识问答(Commonsense Question Answering) 一般是指对常识知识理解的基础上根据给定的问题进行回答。例如多项选择题“鸟儿在__上飞
【资源】领域自适应相关论文、代码分享
zenRRan的博客
10-19 6773
点击上方,选择星标或置顶,每天给你送干货!阅读大概需要20+分钟跟随小博主,每天进步一丢丢整理| 专知【导读】领域自适应(Domain Adaptation)是迁移学习(Transfe...
【论文笔记】Improving Machine Reading Comprehension with General Reading Strategies(2019,NAACL)
记录每一次小小的进步
02-27 1049
这篇论文在GPT模型的基础上,根据人类认知科学,提出了对非抽取式阅读理解任务的三个优化策略,分别被作者称为前后阅读(BACK AND FORTH READING,BF),高亮阅读(HIGHLIGHT, HL),自我评价(SELF-ASSESSMENT,SA),实际上分别对应输入策略,附加信息,数据增强的策略,对如何进行阅读理解的优化有启发作用。
【论文笔记】 Synthesizing Robust Adversarial Examples
WwwwHy搞的烂活
12-01 2190
Synthesizing Robust Adversarial Examples 本文参考了这篇文章 abstract:由于视点转换、摄像机噪声和其他自然变换的组合,生成神经网络对抗性例子的标准方法并不能一直愚弄物理世界中的神经网络分类器,限制了它们与现实世界系统的相关性。我们证明了稳健的三维对抗性对象的存在,并且我们提出了第一个算法,用于合成在一个选定的变换分布上对抗样本。我们合成了对噪声、畸变和仿射变换具有鲁棒性的二维对抗图像。我们将我们的算法应用到复杂的三维对象,使用3d打印制造第一个物理对抗对象
Towards Deep Learning Models Resistant to Adversarial Attacks
04-03
Adversarial attacks are a major concern in the field of deep learning as they can cause misclassification and undermine the reliability of deep learning models. In recent years, researchers have proposed several techniques to improve the robustness of deep learning models against adversarial attacks. Here are some of the approaches: 1. Adversarial training: This involves generating adversarial examples during training and using them to augment the training data. This helps the model learn to be more robust to adversarial attacks. 2. Defensive distillation: This is a technique that involves training a second model to mimic the behavior of the original model. The second model is then used to make predictions, making it more difficult for an adversary to generate adversarial examples that can fool the model. 3. Feature squeezing: This involves converting the input data to a lower dimensionality, making it more difficult for an adversary to generate adversarial examples. 4. Gradient masking: This involves adding noise to the gradients during training to prevent an adversary from estimating the gradients accurately and generating adversarial examples. 5. Adversarial detection: This involves training a separate model to detect adversarial examples and reject them before they can be used to fool the main model. 6. Model compression: This involves reducing the complexity of the model, making it more difficult for an adversary to generate adversarial examples. In conclusion, improving the robustness of deep learning models against adversarial attacks is an active area of research. Researchers are continually developing new techniques and approaches to make deep learning models more resistant to adversarial attacks.
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

彭伟_02

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值