Neural Machine Translation (NMT) systems are used in various applications. However, it has been shown that they are vulnerable to very small perturbations of their inputs, known as adversarial attacks. In this paper, we propose a new targeted adversarial attack against NMT models. In particular, our goal is to insert a predefined target keyword into the translation of the adversarial sentence while maintaining similarity between the original sentence and the perturbed one in the source domain. To this end, we formulate an optimization problem that includes an adversarial loss term and a similarity term. We use gradient projection in the embedding space to craft an adversarial sentence. Experimental results show that our attack outperforms Seq2Sick, the other targeted adversarial attack against NMT models, in terms of success rate and decrease in translation quality. Our attack succeeds in inserting a keyword into the translation for more than 75% of sentences while similarity with the original sentence is preserved.