A curated list of awesome papers related to robustness, adversarial attacks and defenses for information retrieval(IR). If I missed any papers, feel free to open a PR to include them! And any feedback and contributions are welcome!
We thank all the great contributors very much.
- Adversarial Attack
- Defense
- Out-of-distribution
- Benchmark and Evaluation
- Perspective Papers
- Adversarial Attack and Defense for Image Retrieval
- Other Resources
- Web Spam Taxonomy. Zoltan Gyongyi et.al. AIRWeb 2005.(Web Spamming)
- International Workshop on Adversarial Information Retrieval on the Web. AIRWeb 2005-2009.
- Adversarial web search. Castillo, Carlos, and Brian D. Davison FnTIR 2011.
- MAWSEO: Adversarial Wiki Search Poisoning for Illicit Online Promotion. Zilong Lin et.al. S&P 2024. (Adversarial Revisions)
- Ranking-Incentivized Quality Preserving Content Modification. Goren Gregory et.al. SIGIR 2020.
- One word at a time: adversarial attacks on retrieval models. Raval, Nisarg, and Manisha Verma Arxiv 2020.(White-box)
- Adversarial Semantic Collisions. Congzheng Song et.al. EMNLP 2020.(White-box)
- Bert rankers are brittle: A study using adversarial document perturbations. Yumeng Wang et.al. ICTIR 2022.(White-box)
- PRADA: Practical Black-Box Adversarial Attacks against Neural Ranking Models. Chen Wu et.al. TOIS 2022.(Black-box, Word substitution)
- Order-Disorder: Imitation Adversarial Attacks for Black-box Neural Ranking Models. Jiawei Liu et.al. CCS 2022.(Black-box, Trigger)
- TRAttack: Text Rewriting Attack Against Text Retrieval Junshuai Song et.al. RepL4NLP 2022. (Rewriting Attack, Matching Model)
- Topic-oriented Adversarial Attacks against Black-box Neural Ranking Models. Yu-An Liu et.al. SIGIR 2023.(Black-box, TARA task)
- Towards Imperceptible Document Manipulations against Neural Ranking Models. Xuanang Chen et.al. ACL 2023 findings.(Black-box, Prompt)
- Black-box Adversarial Attacks against Dense Retrieval Models: A Multi-view Contrastive Learning Method Yu-An Liu et.al. CIKM 2023.(Black-box, Dense Retrieval Attack)
- Boosting Big Brother: Attacking Search Engines with Encodings. Nicholas Boucher et.al. RAID 2023.(Encoding attack)
- IRGAN: A Minimax Game for Unifying Generative and Discriminative Information Retrieval Models Wang, Jun, et al. SIGIR 2017.(IRGAN)
- Adversarial Sampling and Training for Semi-Supervised Information Retrieval Park, Dae Hoon, Yi Chang WWW 2019.(AdvIR)
- Adversarial Retriever-Ranker for dense text retrieval Zhang, Hang, et al. ICLR 2022.(AR2)
- Towards Robust Ranker for Text Retrieval Yucheng, Zhou, et al. Arxiv 2022.(R2ANKER)
- Dealing with textual noise for robust and effective BERT re-ranking Chen, Xuanang, et al. IPM 2023.
- A Study on FGSM Adversarial Training for Neural Retrieval Lupart, Simon, Stéphane Clinchant ECIR 2023.
- Certified Robustness to Word Substitution Ranking Attack for Neural Ranking Models Chen Wu et.al. CIKM 2022
- Defense of Adversarial Ranking Attack in Text Retrieval: Benchmark and Baseline via Detection Xuanang Chen et.al. Arxiv 2023
Looking for Zero-shot/Few-shot in Dense Retrieval Models collected by Yinqiong Cai.
- Cross Domain Regularization for Neural Ranking Models using Adversarial Learning Cohen, Daniel, et al. SIGIR 2018.
- Few-Shot Text Ranking with Meta Adapted Synthetic Weak Supervision Si Sun et al. ACL 2021.(MetaAdaptRank)
- Contrastive Fine-tuning Improves Robustness for Neural Rankers Xiaofei Ma et al. ACL 2021.
- Learning List-Level Domain-Invariant Representations for Ranking Ruicheng Xian et al. Arxiv 2022.(ListDA)
- Dealing with Typos for BERT-based Passage Retrieval and Ranking Shengyao Zhuang et al. EMNLP 2021.(DRTA)
- Towards Robust Dense Retrieval via Local Ranking Alignment Xuanang Chen et al. IJCAI 2022.(RoDR)
- Evaluating the Robustness of Retrieval Pipelines with Query Variation Generators Penha Gustavo et al. ECIR 2022.
- CharacterBERT and Self-Teaching for Improving the Robustness of Dense Retrievers on Queries with Typos Shengyao Zhuang et al. SIGIR 2022.(CBST)
- Analysing the Robustness of Dual Encoders for Dense Retrieval Against Misspellings Sidiropoulos Georgios et al. SIGIR 2022.(DACL)
- MIRS: [MASK] Insertion Based Retrieval Stabilizer for Query Variations Junping Liu et al. DEXA 2023.(MIRS)
- Are Neural Ranking Models Robust? Chen Wu et.al. TOIS 2022
- Evaluating Interpolation and Extrapolation Performance of Neural Retrieval Models. Jingtao Zhan et.al. CIKM 2022
- Competitive Search. Oren Kurland et.al. SIGIR 2022.(Competitive Search)
- A Game Theoretic Analysis of the Adversarial Retrieval Setting. Basat, Ran Ben et.al. JAIR 2017.(PRP is sub-optimal)
- Targeted Mismatch Adversarial Attack: Query with a Flower to Retrieve the Tower Giorgos Tolias et al. ICCV 2019.(TMA)
- Universal Perturbation Attack Against Image Retrieval Jie Li et al. ICCV 2019.(UAP)
- Adversarial Ranking Attack and Defense Mo Zhou et al. ECCV 2020.(Candidate Attack and Query Attack)
- You See What I Want You to See: Exploring Targeted Black-Box Transferability Attack for Hash-based Image Retrieval Systems Yanru Xiao et al. CVPR 2021.(Hash-based: Noise-induced Adversarial Generation)
- Practical Relative Order Attack in Deep Ranking Mo Zhou et al. ICCV 2021.
- QAIR: Practical Query-efficient Black-Box Attacks for Image Retrieval Xiaodan Li et al. CVPR 2021.(Query-based Attack against Image Retrieval)
- ARRA: Absolute-Relative Ranking Attack against Image Retrieval Siyuan Li et al. MM 2022.(ARRA)
- RetrievalGuard: Provably Robust 1-Nearest Neighbor Image Retrieval Yihan Wu et al. ICML 2022.(RetrievalGuard)
- CREDENCE: Counterfactual Explanations for Document Ranking Rorseth Joel et al. Arxiv 2023. Webpage of interactive tool