Machine learning models are vulnerable to maliciously crafted Adversarial Examples (AEs). Training a machine learning model with AEs improves its robustness and stability against adversarial attacks. It is essential to develop models that produce high-quality AEs. Developing such models has been much slower in natural language processing (NLP) than in areas such as computer vision. This paper introduces a practical and efficient adversarial attack model called SSCAE (Semantic, Syntactic, and Context-aware natural language AEs generator). SSCAE identifies important words and uses a masked language model to generate an early set of substitutions. Next, two well-known language models are employed to evaluate the initial set in terms of semantic and syntactic characteristics. We introduce (1) a dynamic threshold to capture more efficient perturbations and (2) a local greedy search to generate high-quality AEs. As a black-box method, SSCAE generates humanly imperceptible and context-aware AEs that preserve semantic consistency and the source language's syntactical and grammatical requirements. The effectiveness and superiority of the proposed SSCAE model are illustrated with fifteen comparative experiments and extensive sensitivity analysis for parameter optimization. SSCAE outperforms the existing models in all experiments while maintaining a higher semantic consistency with a lower query number and a comparable perturbation rate.