MAXIM: Improving and explaining robustness of NMT systems

Date: 01/04/2023 - 31/03/2024
Type: Privacy Protection & Cryptography, Machine Learning
Partner: armasuisse
Partner contact: Ljiljana Dolamic, Gerome Bovet
EPFL Laboratory: Signal Processing Laboratory 4

Neural Machine Translation (NMT) models have been shown to be vulnerable to adversarial attacks, in which carefully crafted perturbations of the input can mislead the target model. In this project, we introduce a novel attack framework against NMT. In our attacks, the adversary may aim to craft meaning-preserving adversarial examples whose translations in the target language by the NMT model belong to a different class than the original translations. Alternatively, by adding a single word between two sentences, the adversary may cause the target NMT model to ignore the second sentence in its translation. Unlike previous attacks, our new approaches have a more substantial effect on the translation because they alter its overall meaning. This new framework can reveal vulnerabilities of NMT systems that traditional methods do not expose.