Dealing with the unevenness: deeper insights in graph-based attack and defense

Zhan, Haoxi; Pei, Xiaobing

doi:10.1007/s10994-022-06234-4

Cited by 3 publications

(1 citation statement)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Graph neural networks (GNNs) combine node features and graph structure with learning better representations and have achieved signifcant performance in many tasks, e.g., graph classifcation [3], node classifcation [4], and link prediction [5,6]. However, recent studies [7][8][9] have shown that GNNs are vulnerable to adversarial attacks. Te most famous graph adversarial attack is Nettack [8], which reduces the accuracy of GNNs by modifying the graph structure or node features through a surrogate model.…”

Section: Introductionmentioning

confidence: 99%

Feature-Based Graph Backdoor Attack in the Node Classification Task

Chen

Zhao

et al. 2023

International Journal of Intelligent Systems

View full text Add to dashboard Cite

Graph neural networks (GNNs) have shown significant performance in various practical applications due to their strong learning capabilities. Backdoor attacks are a type of attack that can produce hidden attacks on machine learning models. GNNs take backdoor datasets as input to produce an adversary-specified output on poisoned data but perform normally on clean data, which can have grave implications for applications. Backdoor attacks are under-researched in the graph domain, and almost existing graph backdoor attacks focus on the graph-level classification task. To close this gap, we propose a novel graph backdoor attack that uses node features as triggers and does not need knowledge of the GNNs parameters. In the experiments, we find that feature triggers can destroy the feature spaces of the original datasets, resulting in GNNs inability to identify poisoned data and clean data well. An adaptive method is proposed to improve the performance of the backdoor model by adjusting the graph structure. We conducted extensive experiments to validate the effectiveness of our model on three benchmark datasets.

show abstract