{"id":"https://openalex.org/W4383221565","doi":"https://doi.org/10.1145/3579856.3590339","title":"Masked Language Model Based Textual Adversarial Example Detection","display_name":"Masked Language Model Based Textual Adversarial Example Detection","publication_year":2023,"publication_date":"2023-07-05","ids":{"openalex":"https://openalex.org/W4383221565","doi":"https://doi.org/10.1145/3579856.3590339"},"language":"en","primary_location":{"id":"doi:10.1145/3579856.3590339","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3579856.3590339","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://hdl.handle.net/10072/425529","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103251488","display_name":"Xiaomei Zhang","orcid":"https://orcid.org/0009-0007-0196-2948"},"institutions":[{"id":"https://openalex.org/I142108993","display_name":"Southwest University","ror":"https://ror.org/01kj4z117","country_code":"CN","type":"education","lineage":["https://openalex.org/I142108993"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Xiaomei Zhang","raw_affiliation_strings":["College of Computer and Information Science, Southwest University, China"],"raw_orcid":"https://orcid.org/0009-0007-0196-2948","affiliations":[{"raw_affiliation_string":"College of Computer and Information Science, Southwest University, China","institution_ids":["https://openalex.org/I142108993"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032216635","display_name":"Zhaoxi Zhang","orcid":"https://orcid.org/0000-0002-3813-2776"},"institutions":[{"id":"https://openalex.org/I149704539","display_name":"Deakin University","ror":"https://ror.org/02czsnj07","country_code":"AU","type":"education","lineage":["https://openalex.org/I149704539"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Zhaoxi Zhang","raw_affiliation_strings":["School of Information Technology, Deakin University, Australia"],"raw_orcid":"https://orcid.org/0000-0002-3813-2776","affiliations":[{"raw_affiliation_string":"School of Information Technology, Deakin University, Australia","institution_ids":["https://openalex.org/I149704539"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007677966","display_name":"Qi Zhong","orcid":"https://orcid.org/0000-0002-3736-7135"},"institutions":[{"id":"https://openalex.org/I149704539","display_name":"Deakin University","ror":"https://ror.org/02czsnj07","country_code":"AU","type":"education","lineage":["https://openalex.org/I149704539"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Qi Zhong","raw_affiliation_strings":["School of Information Technology, Deakin University, Australia"],"raw_orcid":"https://orcid.org/0000-0002-3736-7135","affiliations":[{"raw_affiliation_string":"School of Information Technology, Deakin University, Australia","institution_ids":["https://openalex.org/I149704539"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082273658","display_name":"Xufei Zheng","orcid":"https://orcid.org/0000-0001-8294-8863"},"institutions":[{"id":"https://openalex.org/I142108993","display_name":"Southwest University","ror":"https://ror.org/01kj4z117","country_code":"CN","type":"education","lineage":["https://openalex.org/I142108993"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xufei Zheng","raw_affiliation_strings":["College of Computer and Information Science, Southwest University, China"],"raw_orcid":"https://orcid.org/0000-0001-8294-8863","affiliations":[{"raw_affiliation_string":"College of Computer and Information Science, Southwest University, China","institution_ids":["https://openalex.org/I142108993"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100449630","display_name":"Yanjun Zhang","orcid":"https://orcid.org/0000-0001-5611-3483"},"institutions":[{"id":"https://openalex.org/I114017466","display_name":"University of Technology Sydney","ror":"https://ror.org/03f0f6041","country_code":"AU","type":"education","lineage":["https://openalex.org/I114017466"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Yanjun Zhang","raw_affiliation_strings":["School of Computer Science, University of Technology Sydney, Australia"],"raw_orcid":"https://orcid.org/0000-0001-5611-3483","affiliations":[{"raw_affiliation_string":"School of Computer Science, University of Technology Sydney, Australia","institution_ids":["https://openalex.org/I114017466"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081287468","display_name":"Shengshan Hu","orcid":"https://orcid.org/0000-0003-0042-9045"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shengshan Hu","raw_affiliation_strings":["School of Cyber Science and Engineering, Huazhong University of Science and Technology, China"],"raw_orcid":"https://orcid.org/0000-0003-0042-9045","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Huazhong University of Science and Technology, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5015011245","display_name":"Leo Yu Zhang","orcid":"https://orcid.org/0000-0001-9330-2662"},"institutions":[{"id":"https://openalex.org/I11701301","display_name":"Griffith University","ror":"https://ror.org/02sc3r913","country_code":"AU","type":"education","lineage":["https://openalex.org/I11701301"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Leo Yu Zhang","raw_affiliation_strings":["School of Information and Communication Technology, Griffith University, Australia"],"raw_orcid":"https://orcid.org/0000-0001-9330-2662","affiliations":[{"raw_affiliation_string":"School of Information and Communication Technology, Griffith University, Australia","institution_ids":["https://openalex.org/I11701301"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5103251488"],"corresponding_institution_ids":["https://openalex.org/I142108993"],"apc_list":null,"apc_paid":null,"fwci":0.852,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.78319259,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"925","last_page":"937"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.963100016117096,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9358000159263611,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8772827386856079},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7714788913726807},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.6734291315078735},{"id":"https://openalex.org/keywords/language-model","display_name":"Language model","score":0.6123988628387451},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6117430925369263},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5003902912139893},{"id":"https://openalex.org/keywords/manifold","display_name":"Manifold (fluid mechanics)","score":0.4940233826637268},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.48881933093070984},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.442960262298584},{"id":"https://openalex.org/keywords/natural-language-processing","display_name":"Natural language processing","score":0.3973349332809448},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.08748698234558105}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8772827386856079},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7714788913726807},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.6734291315078735},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.6123988628387451},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6117430925369263},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5003902912139893},{"id":"https://openalex.org/C529865628","wikidata":"https://www.wikidata.org/wiki/Q1790740","display_name":"Manifold (fluid mechanics)","level":2,"score":0.4940233826637268},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.48881933093070984},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.442960262298584},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.3973349332809448},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.08748698234558105},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3579856.3590339","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3579856.3590339","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:research-repository.griffith.edu.au:10072/425529","is_oa":true,"landing_page_url":"http://hdl.handle.net/10072/425529","pdf_url":null,"source":{"id":"https://openalex.org/S4306402548","display_name":"Griffith Research Online (Griffith University, Queensland, Australia)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I11701301","host_organization_name":"Griffith University","host_organization_lineage":["https://openalex.org/I11701301"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference output"}],"best_oa_location":{"id":"pmh:oai:research-repository.griffith.edu.au:10072/425529","is_oa":true,"landing_page_url":"http://hdl.handle.net/10072/425529","pdf_url":null,"source":{"id":"https://openalex.org/S4306402548","display_name":"Griffith Research Online (Griffith University, Queensland, Australia)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I11701301","host_organization_name":"Griffith University","host_organization_lineage":["https://openalex.org/I11701301"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference output"},"sustainable_development_goals":[{"score":0.8100000023841858,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":34,"referenced_works":["https://openalex.org/W2064675550","https://openalex.org/W2113459411","https://openalex.org/W2251939518","https://openalex.org/W2799194071","https://openalex.org/W2896457183","https://openalex.org/W2923325523","https://openalex.org/W2949128310","https://openalex.org/W2962718684","https://openalex.org/W2963859254","https://openalex.org/W2973820133","https://openalex.org/W2982054702","https://openalex.org/W2996851481","https://openalex.org/W3034408878","https://openalex.org/W3035164976","https://openalex.org/W3035897475","https://openalex.org/W3101118235","https://openalex.org/W3101449015","https://openalex.org/W3104423855","https://openalex.org/W3169948074","https://openalex.org/W3171610440","https://openalex.org/W3175534941","https://openalex.org/W3202320739","https://openalex.org/W4223913581","https://openalex.org/W4280534256","https://openalex.org/W4285817645","https://openalex.org/W4286980625","https://openalex.org/W4287663507","https://openalex.org/W4287812619","https://openalex.org/W4287815355","https://openalex.org/W4288347417","https://openalex.org/W4301131888","https://openalex.org/W4320926546","https://openalex.org/W4328028508","https://openalex.org/W4385573597"],"related_works":["https://openalex.org/W2502115930","https://openalex.org/W4246396837","https://openalex.org/W2482350142","https://openalex.org/W3176240006","https://openalex.org/W3126451824","https://openalex.org/W1561927205","https://openalex.org/W3191453585","https://openalex.org/W4297672492","https://openalex.org/W4288019534","https://openalex.org/W4310988119"],"abstract_inverted_index":{"Adversarial":[0],"attacks":[1,162],"are":[2],"a":[3,76,115,227],"serious":[4],"threat":[5],"to":[6,22,39,65,123,135,182],"the":[7,28,42,56,67,103,109,125,203,218,232],"reliable":[8],"deployment":[9],"of":[10,46,58,221],"machine":[11,155],"learning":[12,156],"models":[13,21,53],"in":[14,71,105,207],"safety-critical":[15],"applications.":[16],"They":[17],"can":[18,54,90,174],"misguide":[19],"current":[20],"predict":[23],"incorrectly":[24],"by":[25,101,108],"slightly":[26],"modifying":[27],"inputs.":[29],"Recently,":[30],"substantial":[31],"work":[32,225,239],"has":[33],"shown":[34],"that":[35,172],"adversarial":[36,72,79,99,129,161,222],"examples":[37,97,100],"tend":[38],"deviate":[40],"from":[41],"underlying":[43],"data":[44],"manifold":[45,57,233],"normal":[47,59,96],"examples,":[48,223],"whereas":[49],"pre-trained":[50],"masked":[51,68,110],"language":[52,69,111],"fit":[55],"NLP":[60],"data.":[61],"To":[62],"explore":[63],"how":[64],"use":[66],"model":[70],"detection,":[73],"we":[74],"propose":[75],"novel":[77],"textual":[78,151],"example":[80],"detection":[81,179,205,208],"method,":[82],"namely":[83],"Masked":[84],"Language":[85],"Model-based":[86],"Detection":[87],"(MLMD),":[88],"which":[89],"produce":[91],"clearly":[92],"distinguishable":[93],"signals":[94],"between":[95],"and":[98,117,131,141,158,185,190,210],"exploring":[102],"changes":[104],"manifolds":[106],"induced":[107],"model.":[112],"MLMD":[113,147,173,195],"features":[114],"plug":[116],"play":[118],"usage":[119],"(i.e.,":[120],"no":[121],"need":[122],"retrain":[124],"victim":[126,138],"model)":[127],"for":[128,230,237],"defense":[130],"it":[132],"is":[133,196,240],"agnostic":[134],"classification":[136],"tasks,":[137],"model\u2019s":[139],"architectures,":[140],"to-be-defended":[142],"attack":[143],"methods.":[144],"We":[145],"evaluate":[146],"on":[148,187,217],"various":[149],"benchmark":[150],"datasets,":[152,192],"widely":[153],"studied":[154],"models,":[157],"state-of-the-art":[159],"(SOTA)":[160],"(in":[163],"total":[164],"3*4*4":[165],"=":[166],"48":[167],"settings).":[168],"Experimental":[169],"results":[170],"show":[171],"achieve":[175],"strong":[176],"performance,":[177],"with":[178],"accuracy":[180,209],"up":[181],"0.984,":[183],"0.967,":[184],"0.901":[186],"AG-NEWS,":[188],"IMDB,":[189],"SST-2":[191],"respectively.":[193],"Additionally,":[194],"superior,":[197],"or":[198],"at":[199,243],"least":[200],"comparable":[201],"to,":[202],"SOTA":[204],"defenses":[206,215],"F1":[211],"score.":[212],"Among":[213],"many":[214],"based":[216],"off-manifold":[219],"assumption":[220],"this":[224,238],"offers":[226],"new":[228],"angle":[229],"capturing":[231],"change.":[234],"The":[235],"code":[236],"openly":[241],"accessible":[242],"https://github.com/mlmddetection/MLMDdetection.":[244]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}