Verifying the robustness of automatic credibility assessment

Text classification methods have been widely investigated as a way to detect content of low credibility: fake news, social media bots, propaganda, etc. Quite accurate models (likely based on deep neural networks) help in moderating public electronic platforms and often cause content creators to face...

Descripción completa

Detalles Bibliográficos
Autores: Przybyla, Piotr, Shvets, Alexander, Saggion, Horacio
Tipo de recurso: artículo
Estado:Versión publicada
Fecha de publicación:2024
País:España
Institución:Varias* (Consorci de Biblioteques Universitáries de Catalunya, Centre de Serveis Científics i Acadèmics de Catalunya)
Repositorio:Recercat. Dipósit de la Recerca de Catalunya
OAI Identifier:oai:recercat.cat:10230/72654
Acceso en línea:https://hdl.handle.net/10230/72654
https://dx.doi.org/10.1017/nlp.2024.54
Access Level:acceso abierto
Palabra clave:Adversarial examples
Credibility assessment
Robustness
Misinformation
Benchmark
id ES_99d2f021f4b8e84cfb8231bf4069b6ad
oai_identifier_str oai:recercat.cat:10230/72654
network_acronym_str ES
network_name_str España
repository_id_str
spelling Verifying the robustness of automatic credibility assessmentPrzybyla, PiotrShvets, AlexanderSaggion, HoracioAdversarial examplesCredibility assessmentRobustnessMisinformationBenchmarkText classification methods have been widely investigated as a way to detect content of low credibility: fake news, social media bots, propaganda, etc. Quite accurate models (likely based on deep neural networks) help in moderating public electronic platforms and often cause content creators to face rejection of their submissions or removal of already published texts. Having the incentive to evade further detection, content creators try to come up with a slightly modified version of the text (known as an attack with an adversarial example) that exploit the weaknesses of classifiers and result in a different output. Here we systematically test the robustness of common text classifiers against available attacking techniques and discover that, indeed, meaning-preserving changes in input text can mislead the models. The approaches we test focus on finding vulnerable spans in text and replacing individual characters or words, taking into account the similarity between the original and replacement content. We also introduce BODEGA: a benchmark for testing both victim models and attack methods on four misinformation detection tasks in an evaluation framework designed to simulate real use cases of content moderation. The attacked tasks include (1) fact checking and detection of (2) hyperpartisan news, (3) propaganda, and (4) rumours. Our experimental results show that modern large language models are often more vulnerable to attacks than previous, smaller solutions, e.g. attacks on GEMMA being up to 27% more successful than those on BERT. Finally, we manually analyse a subset adversarial examples and check what kinds of modifications are used in successful attacks.Cambridge University Press2026202620242026info:eu-repo/semantics/articleinfo:eu-repo/semantics/publishedVersionapplication/pdfapplication/pdfhttps://hdl.handle.net/10230/72654https://dx.doi.org/10.1017/nlp.2024.54reponame:Recercat. Dipósit de la Recerca de Catalunyainstname:Varias* (Consorci de Biblioteques Universitáries de Catalunya, Centre de Serveis Científics i Acadèmics de Catalunya)InglésNatural Language Processing. 2024;31(5):1134-62This is an Open Access article, distributed under the terms of the Creative Commons Attribution licence (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted re-use, distribution and reproduction, provided the original article is properly cited.https://creativecommons.org/licenses/by/4.0/info:eu-repo/semantics/openAccessoai:recercat.cat:10230/726542026-05-29T05:05:01Z
dc.title.none.fl_str_mv Verifying the robustness of automatic credibility assessment
title Verifying the robustness of automatic credibility assessment
spellingShingle Verifying the robustness of automatic credibility assessment
Przybyla, Piotr
Adversarial examples
Credibility assessment
Robustness
Misinformation
Benchmark
title_short Verifying the robustness of automatic credibility assessment
title_full Verifying the robustness of automatic credibility assessment
title_fullStr Verifying the robustness of automatic credibility assessment
title_full_unstemmed Verifying the robustness of automatic credibility assessment
title_sort Verifying the robustness of automatic credibility assessment
dc.creator.none.fl_str_mv Przybyla, Piotr
Shvets, Alexander
Saggion, Horacio
author Przybyla, Piotr
author_facet Przybyla, Piotr
Shvets, Alexander
Saggion, Horacio
author_role author
author2 Shvets, Alexander
Saggion, Horacio
author2_role author
author
dc.subject.none.fl_str_mv Adversarial examples
Credibility assessment
Robustness
Misinformation
Benchmark
topic Adversarial examples
Credibility assessment
Robustness
Misinformation
Benchmark
description Text classification methods have been widely investigated as a way to detect content of low credibility: fake news, social media bots, propaganda, etc. Quite accurate models (likely based on deep neural networks) help in moderating public electronic platforms and often cause content creators to face rejection of their submissions or removal of already published texts. Having the incentive to evade further detection, content creators try to come up with a slightly modified version of the text (known as an attack with an adversarial example) that exploit the weaknesses of classifiers and result in a different output. Here we systematically test the robustness of common text classifiers against available attacking techniques and discover that, indeed, meaning-preserving changes in input text can mislead the models. The approaches we test focus on finding vulnerable spans in text and replacing individual characters or words, taking into account the similarity between the original and replacement content. We also introduce BODEGA: a benchmark for testing both victim models and attack methods on four misinformation detection tasks in an evaluation framework designed to simulate real use cases of content moderation. The attacked tasks include (1) fact checking and detection of (2) hyperpartisan news, (3) propaganda, and (4) rumours. Our experimental results show that modern large language models are often more vulnerable to attacks than previous, smaller solutions, e.g. attacks on GEMMA being up to 27% more successful than those on BERT. Finally, we manually analyse a subset adversarial examples and check what kinds of modifications are used in successful attacks.
publishDate 2024
dc.date.none.fl_str_mv 2024
2026
2026
2026
dc.type.none.fl_str_mv info:eu-repo/semantics/article
info:eu-repo/semantics/publishedVersion
format article
status_str publishedVersion
dc.identifier.none.fl_str_mv https://hdl.handle.net/10230/72654
https://dx.doi.org/10.1017/nlp.2024.54
url https://hdl.handle.net/10230/72654
https://dx.doi.org/10.1017/nlp.2024.54
dc.language.none.fl_str_mv Inglés
language_invalid_str_mv Inglés
dc.relation.none.fl_str_mv Natural Language Processing. 2024;31(5):1134-62
dc.rights.none.fl_str_mv https://creativecommons.org/licenses/by/4.0/
info:eu-repo/semantics/openAccess
rights_invalid_str_mv https://creativecommons.org/licenses/by/4.0/
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
application/pdf
dc.publisher.none.fl_str_mv Cambridge University Press
publisher.none.fl_str_mv Cambridge University Press
dc.source.none.fl_str_mv reponame:Recercat. Dipósit de la Recerca de Catalunya
instname:Varias* (Consorci de Biblioteques Universitáries de Catalunya, Centre de Serveis Científics i Acadèmics de Catalunya)
instname_str Varias* (Consorci de Biblioteques Universitáries de Catalunya, Centre de Serveis Científics i Acadèmics de Catalunya)
reponame_str Recercat. Dipósit de la Recerca de Catalunya
collection Recercat. Dipósit de la Recerca de Catalunya
repository.name.fl_str_mv
repository.mail.fl_str_mv
_version_ 1869414320694099968
score 15.812429