Stealthy Backdoor Attacks on Graph Neural Networks via Relational Constraint Modeling

IF 4 3区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computers & Electrical Engineering Pub Date : 2025-06-14 DOI:10.1016/j.compeleceng.2025.110483

Deshan Yang , Limin Pan , Jinjie Zhou , Senlin Luo , Peng Luan

{"title":"Stealthy Backdoor Attacks on Graph Neural Networks via Relational Constraint Modeling","authors":"Deshan Yang , Limin Pan , Jinjie Zhou , Senlin Luo , Peng Luan","doi":"10.1016/j.compeleceng.2025.110483","DOIUrl":null,"url":null,"abstract":"<div><div>Graph Neural Networks (GNNs) have achieved significant success in tasks like node and graph classification, yet they remain vulnerable to backdoor attacks. Traditional attack methods often rely on node feature manipulation, neglecting the structural relationships within graphs, which makes their triggers more detectable. To address this limitation, we propose a <u>R</u>elationally <u>C</u>onstrained <u>C</u>onditional GAN <u>B</u>ackdoor <u>A</u>ttack (RCCBA). Our method employs a hybrid expert model that combines diverse graph neural network architectures to capture both feature and structural information, thus enabling more robust trigger node selection via a centrality-based rule that identifies nodes with minimal impact on neighboring nodes. Additionally, relationship constraints ensure that the triggers generated by the conditional GAN closely mimic the original graph, enhancing imperceptible and attack success. Experimental results demonstrate that RCCBA achieves an average attack success rate exceeding 90% with a minimal poisoning rate of less than 0.1%, and successfully circumvents pruning-based and outlier detection defenses. The real-world implications of this work are significant for domains such as social networks, recommendation systems, and fraud detection, and our findings highlight the need for future defense strategies that address both feature and structural vulnerabilities in GNN security.</div></div>","PeriodicalId":50630,"journal":{"name":"Computers & Electrical Engineering","volume":"126 ","pages":"Article 110483"},"PeriodicalIF":4.0000,"publicationDate":"2025-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Electrical Engineering","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0045790625004264","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Graph Neural Networks (GNNs) have achieved significant success in tasks like node and graph classification, yet they remain vulnerable to backdoor attacks. Traditional attack methods often rely on node feature manipulation, neglecting the structural relationships within graphs, which makes their triggers more detectable. To address this limitation, we propose a Relationally Constrained Conditional GAN Backdoor Attack (RCCBA). Our method employs a hybrid expert model that combines diverse graph neural network architectures to capture both feature and structural information, thus enabling more robust trigger node selection via a centrality-based rule that identifies nodes with minimal impact on neighboring nodes. Additionally, relationship constraints ensure that the triggers generated by the conditional GAN closely mimic the original graph, enhancing imperceptible and attack success. Experimental results demonstrate that RCCBA achieves an average attack success rate exceeding 90% with a minimal poisoning rate of less than 0.1%, and successfully circumvents pruning-based and outlier detection defenses. The real-world implications of this work are significant for domains such as social networks, recommendation systems, and fraud detection, and our findings highlight the need for future defense strategies that address both feature and structural vulnerabilities in GNN security.

查看原文本刊更多论文

基于关系约束建模的图神经网络隐形后门攻击

图神经网络（gnn）在节点和图分类等任务中取得了重大成功，但它们仍然容易受到后门攻击。传统的攻击方法往往依赖于节点特征操作，忽略了图内的结构关系，这使得它们的触发器更容易被检测到。为了解决这一限制，我们提出了一种关系约束条件GAN后门攻击（RCCBA）。我们的方法采用混合专家模型，该模型结合了不同的图神经网络架构来捕获特征和结构信息，从而通过基于中心性的规则来实现更稳健的触发节点选择，该规则识别对相邻节点影响最小的节点。此外，关系约束确保了条件GAN生成的触发器与原始图紧密模仿，提高了不可见性和攻击成功率。实验结果表明，RCCBA平均攻击成功率超过90%，最小中毒率小于0.1%，并成功规避了基于修剪和离群检测的防御。这项工作的现实意义对于社交网络、推荐系统和欺诈检测等领域具有重要意义，我们的研究结果强调了未来需要解决GNN安全中的特征和结构漏洞的防御策略。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Electrical Engineering 工程技术-工程：电子与电气

CiteScore

9.20

自引率

7.00%

发文量

661

审稿时长

47 days

期刊介绍： The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency. Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.