The study of the language and “the technologies of the word” as Walter Ong defines it is the “cornerstone” to reach a better understanding of NLP. Delving deeper in Ong’s words, if we consider natural language in its oral mode in contrast with the written mode, then writing is completely artificial.
We might say that writing or spelling differs from speech in the sense that the writing process is governed by rules consciously created, clearly definable, for instance “s” represents a morpheme and “es” another or “-able/-ness/-less/-un”, etc. (You will see my point in this later) Technologies in their essence, following Ong, are internal transformations of the mind therefore writing has an unlimited value essential for the human being realization of its internal capacities.
We might agree on the fact that the paradox here is that technologies are artificial but at the same time what is artificial is only natural for the human being. If interiorized then, it improves life therefore it enriches the human psyche.
Following the same line, it is possible to define “writing” as any semiotic sign, that is, any visible sign that a human being produces and to which meaning is ascribed. So, could a simple mark in a stone be interpreted as a form of writing? Is this enough to conceptualize the written mode in any language? We must narrow down this definition: a system of codified visible signs which composed the words in a form of discourse/ text.
From the linguistic point of view, another paradox is language has to be used to understand language, that is, to understand itself for the chief source material provided for inspection is textual (oral or written). What we call “meta-language”. Now the following question arises: Can a text speak? The answer is: definitely. Can it “word” different ideas? Certainly.
Language itself, the raw "material" behind the script is identified as a means of communication that is "interpersonal". Language is a collectivist activity; its conventions have to be shared by whole groups or societies of varying size before any of its "meanings" become available to individuals within the society.
Furthermore, we think in terms of analyzing those meanings by which texts for instance convey positive or negative assessments, by which the intensity or directness of such attitudinal utterances is strengthened or weakened and by which speakers/writers engage dialogistically with prior speakers or with potential respondents to the current proposition. These meaning making resources are grouped together as the “language of evaluation” on the grounds that they are all means by which the speaker’s/writer’s personal, evaluative involvement in the text is revealed as they adopt stances either toward phenomena (the entities, happenings, or states of affairs being construed by the text) or toward metaphenomena (propositions about these entities, happenings, and states of affairs) (Martin and White, 2005). This appraisal framework lays the foundations for what is known in NLP as Sentiment Analysis.
So far, we have come across a few definitions and specific terminology. How are they related to NLP?
Basically, if you have a look at the linguistics paradigms, semiology, and interpretation theory from Saussure, Chomsky, Havelock, McLuhan, Pierce, Halliday, White, Le Guern, Ricoeur and Eco, to name just a few, the tenets of NLP can be traced to the theoretical framework created by these authors. And precisely most of these theoretical works have reached completely new levels of depth and empirical validation, with many promising new avenues being explored. Take for instance Reinforcement Learning has its roots in Skinner theory, Genetic Algorithms on the idea of Darwinian Theory of evolution and so forth.
Then we can infer the same is true for Adversarial Attacks and its connection with linguistics, grammar, semantics, syntax, and phonology (which I define as the intertwined common core).
As it is known, there has been substantial research using adversarial attacks to “analyze” NLP models. Still, to reproduce NLP attacks and improve the models remain a challenge.
Now, what is an adversarial attack, namely in texts?
First of fall, I must say that there is not a unique definition and researchers have proposed various alternatives to characterize adversarial examples in NLP. Most have come up with the idea that our mental model groups NLP adversarial attacks into two groups, based on their notions of ‘similarity’: visual and semantic.
Of course, we must consider that it is not so straightforward to apply the same ideas of perturbing the input space in the field of Computer Vision (let’s call the noise: optical illusion) to create adversarial examples as in the case of NLP.
Having said that, I would like to propose a conceptualization. In the context of NLP, an adversarial attack is a perturbation -even a very small one, such as a phoneme or morpheme “-able/-ness/-less/-un”, etc.-that has a large impact on sentence meaning. Changing a morpheme, lexeme, or the word order in a sentence can completely modify its interpretation, which lead to misclassification by the model, making it more vulnerable.
Think of these examples:
[1] Loss aversion, overconfidence of investors impacted in market performance.
[2] Less aversion, overconfidence of investors impacted in market performance.
One slight change in a morpheme produce a modification in model prediction and meaning interpretation.
[3] The outstanding performance in the orchestra
[4] The spotless performance in the orchestra
In these examples though the words are synonyms, and the underlying meaning is the same, there is a variation in the interpretation since the algorithm takes the morpheme “less” assigning [4] a negative meaning.
Because no ML/DL algorithm is infallible, “they commit mistakes”. Adversarial examples make “visible” that even simple algorithms may behave differently as it was first intended by the developer, since they turn out to be very sensitive to tiny changes in input. Harnessing this “sensitivity” to modify an algorithm’s behaviour may result in a serious concern for AI security since it is very hard for ML models to produce good outputs for every possible input. Needles to say, the same applies when designing a theoretical model of the adversarial example crafting process to grasp the “hint” for those unnaturally complex token (being a morpheme, word, etc) replacements, which are easily identifiable by humans.