This week we debuted our Python NLP library, TextAttack. TextAttack is a library for adversarial attacks in NLP. It's based around a set of four components:
- A goal function that determines when an attack is successful (for example, changing the predicted class of a classifier)
- A transformation that takes a text input and changes it (swapping words for synonyms, mixing up characters, etc.)
- Some constraints that determine if a perturbation is valid (to make sure perturbations are grammatical, preserve semantics, etc.)
- A search method that efficiently searches through potential perturbations to find the best one
It turns out we can implement *lots* of adversarial attacks from the literature using just these four components. This means that TextAttack unifies a whole body of work that has never before been benchmarked on the same models, in the same codebase.
Another benefit of modularity is that we can use our components (transformations, constraints, models, etc.) for other stuff. Besides running adversarial attacks, TextAttack can do data augmentation and train NLP models – and everything just works, out-of-the-box. (This is very rare for research code!) No downloads required, just `pip install`.
Btw, shout out to huggingface for the awesome tools they make. TextAttack wouldn't be possible without models (from transformers), datasets (from nlp), and tokenizers (from tokenizers :) ). We wouldn't be able to advertise "training a state-of-the-art NLP model in a single command" if it weren't for the great work of the scientists of huggingface!
Check out the project on Github: https://github.com/QData/TextAttack