A Novel Text Adversarial Sample Generation and Defense Method for SIoT Systems

Hangxu Ji, Jiale Guo, Yongjiao Sun*, Ye Yuan, Guoren Wang, Qi Wang

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

The generation and defense of text adversarial samples are crucial for improving the robustness and security of SIoT systems, as the exchange of information between devices in SIoT relies heavily on NLP technology. However, the discrete nature of text data means that current mainstream adversarial sample generation methods based on text replacement lack contextual integration. This results in poor stealth of the generated samples and in inefficiency caused by excessive queries to the target model. Meanwhile, defense methods such as adversarial training are insufficiently universal and generalizable to handle the diverse and complex range of adversarial attack strategies. This paper proposes a contrastive learning-based method for generating text adversarial samples and a mutual information regularization-based method for defending against text adversarial samples, tailored to the characteristics of devices in SIoT systems and to the challenges mentioned above. The proposed method leverages keyword localization, optimal perturbation, and candidate set evaluation to enhance the effectiveness of adversarial samples. Additionally, by combining mutual information measures, statistical estimation functions, and idempotent constraints, the model itself is equipped with effective defenses against adversarial samples. Compared to the baseline, the proposed method significantly reduces the magnitude of perturbations and the number of access attempts to the original samples, while greatly increasing the attack success rate. When the proposed adversarial sample defense method is applied, the model's accuracy after being subjected to adversarial attacks shows a significant improvement.

Original language: English
Journal: IEEE Internet of Things Journal
DOIs: (not given on this page)
Publication status: Accepted/In press - 2024

Keywords

  • Adversarial Sample Defense
  • Adversarial Sample Generation
  • Contrastive Learning
  • Mutual Information
  • SIoT
