Link Prediction Adversarial Attack Via Iterative Gradient Attack

Chen, Jinyin; Lin, Xiang; Shi, Ziqiang; Liu, Yi

doi:10.1109/tcss.2020.3004059

Cited by 46 publications

(17 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Interestingly, our observations in the case studies agree only partially with a heuristic community detection attack strategy called DICE [42], which has been used as a baseline for attacking link prediction in [4]. Inspired by modularity, DICE randomly disconnect internally and connect externally [42], of which the goal is to hide the a group of nodes from being detected as a community.…”

Section: Case Studiessupporting

confidence: 58%

“…The robustness for NE based link prediction is much less investigated than classification, and is considered more often as a way to evaluate the robustness of the NE method, such as in [34,2,38]. To the best of our knowledge, there are only two works on adversarial attacks for link prediction based on NE: one targeting the GNN-based SEAL [51] with structural perturbations and one targeting GCN with iterative gradient attack [4].…”

Section: Related Workmentioning

confidence: 99%

“…It includes semisupervised node classification [56,57,58,46,55,45,11,3,60,59,40], and graph classification [7,29,20]. Only a few works consider the link-level task [26,4,2,9], leaving robustness of NE methods for link prediction insufficiently explored.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Adversarial Robustness of Probabilistic Network Embedding for Link Prediction

Chen

Kang

Lijffijt

et al. 2021

Preprint

View full text Add to dashboard Cite

In today's networked society, many real-world problems can be formalized as predicting links in networks, such as Facebook friendship suggestions, e-commerce recommendations, and the prediction of scientific collaborations in citation networks. Increasingly often, link prediction problem is tackled by means of network embedding methods, owing to their state-of-the-art performance. However, these methods lack transparency when compared to simpler baselines, and as a result their robustness against adversarial attacks is a possible point of concern: could one or a few small adversarial modifications to the network have a large impact on the link prediction performance when using a network embedding model? Prior research has already investigated adversarial robustness for network embedding models, focused on classification at the node and graph level. Robustness with respect to the link prediction downstream task, on the other hand, has been explored much less. This paper contributes to filling this gap, by studying adversarial robustness of Conditional Network Embedding (CNE), a state-of-the-art probabilistic network embedding model, for link prediction. More specifically, given CNE and a network, we measure the sensitivity of the link predictions of the model to small adversarial perturbations of the network, namely changes of the link status of a node pair. Thus, our approach allows one to identify the links and non-links in the network that are most vulnerable to such perturbations, for further investigation by an analyst. We analyze the characteristics of the most and least sensitive perturbations, and empirically confirm that our approach not only succeeds in identifying the most vulnerable links and non-links, but also that it does so in a time-efficient manner thanks to an effective approximation.

show abstract

Section: Case Studiessupporting

confidence: 58%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Adversarial Robustness of Probabilistic Network Embedding for Link Prediction

Chen

Kang

Lijffijt

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Now we present our sign stochastic gradient descent (signSGD) algorithm to solve the attack optimization problem in Eq (7). Before presenting signSGD, we first describe the method to compute 𝑝 (Θ), where only hard label is returned when querying the GNN model; and then introduce a query-efficient gradient computation algorithm to compute the gradients of 𝑝 (Θ).…”

Section: Generating Adversarial Graphs Via Signsgdmentioning

confidence: 99%

“…Existing studies have shown that GNNs are vulnerable to adversarial attacks [5,6,33,46,48,61], which deceive a GNN to produce wrong labels for specific target graphs (in graph classification tasks) or target nodes (in node classification tasks). According to the stages when these attacks occur, they can be classified into training-time poisoning attacks [30,46,53,63,64] and testing time adversarial attacks [7,9,27,32,43,48]. In this paper, we focus on testing time adversarial attacks against classification attacks.…”

Section: Related Workmentioning

confidence: 99%

A Hard Label Black-box Adversarial Attack Against Graph Neural Networks

Mu¹,

Wang²,

Li³

et al. 2021

Preprint

View full text Add to dashboard Cite

Graph Neural Networks (GNNs) have achieved state-of-the-art performance in various graph structure related tasks such as node classification and graph classification. However, GNNs are vulnerable to adversarial attacks. Existing works mainly focus on attacking GNNs for node classification; nevertheless, the attacks against GNNs for graph classification have not been well explored.In this work, we conduct a systematic study on adversarial attacks against GNNs for graph classification via perturbing the graph structure. In particular, we focus on the most challenging attack, i.e., hard label black-box attack, where an attacker has no knowledge about the target GNN model and can only obtain predicted labels through querying the target model. To achieve this goal, we formulate our attack as an optimization problem, whose objective is to minimize the number of edges to be perturbed in a graph while maintaining the high attack success rate. The original optimization problem is intractable to solve, and we relax the optimization problem to be a tractable one, which is solved with theoretical convergence guarantee. We also design a coarse-grained searching algorithm and a query-efficient gradient computation algorithm to decrease the number of queries to the target GNN model. Our experimental results on three real-world datasets demonstrate that our attack can effectively attack representative GNNs for graph classification with less queries and perturbations. We also evaluate the effectiveness of our attack under two defenses: one is well-designed adversarial graph detector and the other is that the target GNN model itself is equipped with a defense to prevent adversarial graph generation. Our experimental results show that such defenses are not effective enough, which highlights more advanced defenses. CCS CONCEPTS• Security and privacy; • Computing methodologies → Machine learning;

show abstract

Zero Touch Network and Service Management (ZSM) Security

Porambage,

Liyanage

2023

Security and Privacy Vision in 6G

View full text Add to dashboard Cite

Link Prediction Adversarial Attack Via Iterative Gradient Attack

Cited by 46 publications

References 48 publications

Adversarial Robustness of Probabilistic Network Embedding for Link Prediction

Adversarial Robustness of Probabilistic Network Embedding for Link Prediction

A Hard Label Black-box Adversarial Attack Against Graph Neural Networks

Zero Touch Network and Service Management (ZSM) Security

Contact Info

Product

Resources

About