Visual modifications to text are often used obfuscate offensive comments in social media (e.g., "!d10t") or as a writing style ("1337" "leet speak"), among other scenarios. We consider this new type of adversarial attack NLP, setting which humans very robust, our experiments with both simple and more difficult visual input perturbations demonstrate. then investigate the impact attacks on current NLP systems character-, word-, sentence-level tasks, showing that neural non-neural models are, contrast humans, extremely sensitive such attacks, suffering performance decreases up 82\%. explore three shielding methods---visual character embeddings, training, rule-based recovery---which substantially improve robustness models. However, methods still fall behind performances achieved non-attack scenarios, demonstrates difficulty dealing attacks.

Load

Load