Understanding Universal Adversarial Attack and Defense on Graph

IF 4.1 4区计算机科学 Q2 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

International Journal on Semantic Web and Information Systems Pub Date : 2022-01-01 DOI:10.4018/ijswis.308812

Tianfeng Wang, Zhisong Pan, Guyu Hu, Yexin Duan, Yu Pan

{"title":"Understanding Universal Adversarial Attack and Defense on Graph","authors":"Tianfeng Wang, Zhisong Pan, Guyu Hu, Yexin Duan, Yu Pan","doi":"10.4018/ijswis.308812","DOIUrl":null,"url":null,"abstract":"Compared with traditional machine learning model, graph neural networks (GNNs) have distinct advantages in processing unstructured data. However, the vulnerability of GNNs cannot be ignored. Graph universal adversarial attack is a special type of attack on graph which can attack any targeted victim by flipping edges connected to anchor nodes. In this paper, we propose the forward-derivative-based graph universal adversarial attack (FDGUA). Firstly, we point out that one node as training data is sufficient to generate an effective continuous attack vector. Then we discretize the continuous attack vector based on forward derivative. FDGUA can achieve impressive attack performance that three anchor nodes can result in attack success rate higher than 80% for the dataset Cora. Moreover, we propose the first graph universal adversarial training (GUAT) to defend against universal adversarial attack. Experiments show that GUAT can effectively improve the robustness of the GNNs without degrading the accuracy of the model.","PeriodicalId":54934,"journal":{"name":"International Journal on Semantic Web and Information Systems","volume":"30 1","pages":"1-21"},"PeriodicalIF":4.1000,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal on Semantic Web and Information Systems","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.4018/ijswis.308812","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 2

Abstract

Compared with traditional machine learning model, graph neural networks (GNNs) have distinct advantages in processing unstructured data. However, the vulnerability of GNNs cannot be ignored. Graph universal adversarial attack is a special type of attack on graph which can attack any targeted victim by flipping edges connected to anchor nodes. In this paper, we propose the forward-derivative-based graph universal adversarial attack (FDGUA). Firstly, we point out that one node as training data is sufficient to generate an effective continuous attack vector. Then we discretize the continuous attack vector based on forward derivative. FDGUA can achieve impressive attack performance that three anchor nodes can result in attack success rate higher than 80% for the dataset Cora. Moreover, we propose the first graph universal adversarial training (GUAT) to defend against universal adversarial attack. Experiments show that GUAT can effectively improve the robustness of the GNNs without degrading the accuracy of the model.

查看原文本刊更多论文

理解图上的通用对抗性攻击和防御

与传统的机器学习模型相比，图神经网络在处理非结构化数据方面具有明显的优势。然而，gnn的脆弱性也不容忽视。图通用对抗性攻击是对图的一种特殊类型的攻击，它可以通过翻转与锚节点相连的边来攻击任何目标对象。在本文中，我们提出了基于正导数的图通用对抗攻击(FDGUA)。首先，我们指出一个节点作为训练数据足以产生有效的连续攻击向量。然后基于前向导数对连续攻击向量进行离散化。FDGUA可以获得令人印象深刻的攻击性能，对于数据集Cora，三个锚节点可以导致攻击成功率高于80%。此外，我们提出了第一个图通用对抗性训练(GUAT)来防御通用对抗性攻击。实验表明，GUAT可以在不降低模型精度的前提下有效地提高gnn的鲁棒性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal on Semantic Web and Information Systems 工程技术-计算机：人工智能

CiteScore

6.20

自引率

12.50%

发文量

审稿时长

20 months

期刊介绍： The International Journal on Semantic Web and Information Systems (IJSWIS) promotes a knowledge transfer channel where academics, practitioners, and researchers can discuss, analyze, criticize, synthesize, communicate, elaborate, and simplify the more-than-promising technology of the semantic Web in the context of information systems. The journal aims to establish value-adding knowledge transfer and personal development channels in three distinctive areas: academia, industry, and government.