利用边缘和特征扰动检测图对抗攻击的目标

IF 4.5 2区计算机科学 Q1 COMPUTER SCIENCE, CYBERNETICS

IEEE Transactions on Computational Social Systems Pub Date : 2024-01-25 DOI:10.1109/TCSS.2023.3344642

Boyi Lee;Jhao-Yin Jhang;Lo-Yao Yeh;Ming-Yi Chang;Chia-Mei Chen;Chih-Ya Shen

{"title":"利用边缘和特征扰动检测图对抗攻击的目标","authors":"Boyi Lee;Jhao-Yin Jhang;Lo-Yao Yeh;Ming-Yi Chang;Chia-Mei Chen;Chih-Ya Shen","doi":"10.1109/TCSS.2023.3344642","DOIUrl":null,"url":null,"abstract":"Graph neural networks (GNNs) enable many novel applications and achieve excellent performance. However, their performance may be significantly degraded by the graph adversarial attacks, which intentionally add small perturbations to the graph. Previous countermeasures usually handle such attacks by enhancing model robustness. However, robust models cannot identify the \n<italic>target nodes\n of the adversarial attacks, and thus we are unable to pinpoint the weak spots and analyze the causes or the targets of the attacks. In this article, we study the important research problem to detect the \n<italic>target nodes\n of graph adversarial attacks under the \n<italic>black-box detection\n scenario, which is particularly challenging because our detection models do not have any knowledge about the attacker, while the attackers usually employ unnoticeability strategies to minimize the chance of being detected. To our best knowledge, this is the first work that aims at detecting the \n<italic>target nodes\n of graph adversarial attacks under the \n<italic>black-box detector\n scenario. We propose two detection models, named \n<italic>Det-H\n and \n<italic>Det-RL\n, which employ different techniques that effectively detect the target nodes under the black-box detection scenario against various graph adversarial attacks. To enhance the generalization of the proposed detectors, we further propose two novel surrogate attackers that are able to generate effective attack examples and camouflage their attack traces for training robust detectors. In addition, we propose three strategies to effectively improve the training efficiency. Experimental results on multiple datasets show that our proposed detectors significantly outperform the other baselines against multiple state-of-the-art graph adversarial attackers with various attack strategies. The proposed \n<italic>Det-RL\n detector achieves an averaged area under curve (AUC) of \n<inline-formula><tex-math>$0.945$</tex-math></inline-formula>\n against all the attackers, and our efficiency-improving strategies are able save up to \n<inline-formula><tex-math>$91$</tex-math></inline-formula>\n% of the training time.","PeriodicalId":13044,"journal":{"name":"IEEE Transactions on Computational Social Systems","volume":null,"pages":null},"PeriodicalIF":4.5000,"publicationDate":"2024-01-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Detecting Targets of Graph Adversarial Attacks With Edge and Feature Perturbations\",\"authors\":\"Boyi Lee;Jhao-Yin Jhang;Lo-Yao Yeh;Ming-Yi Chang;Chia-Mei Chen;Chih-Ya Shen\",\"doi\":\"10.1109/TCSS.2023.3344642\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Graph neural networks (GNNs) enable many novel applications and achieve excellent performance. However, their performance may be significantly degraded by the graph adversarial attacks, which intentionally add small perturbations to the graph. Previous countermeasures usually handle such attacks by enhancing model robustness. However, robust models cannot identify the \\n<italic>target nodes\\n of the adversarial attacks, and thus we are unable to pinpoint the weak spots and analyze the causes or the targets of the attacks. In this article, we study the important research problem to detect the \\n<italic>target nodes\\n of graph adversarial attacks under the \\n<italic>black-box detection\\n scenario, which is particularly challenging because our detection models do not have any knowledge about the attacker, while the attackers usually employ unnoticeability strategies to minimize the chance of being detected. To our best knowledge, this is the first work that aims at detecting the \\n<italic>target nodes\\n of graph adversarial attacks under the \\n<italic>black-box detector\\n scenario. We propose two detection models, named \\n<italic>Det-H\\n and \\n<italic>Det-RL\\n, which employ different techniques that effectively detect the target nodes under the black-box detection scenario against various graph adversarial attacks. To enhance the generalization of the proposed detectors, we further propose two novel surrogate attackers that are able to generate effective attack examples and camouflage their attack traces for training robust detectors. In addition, we propose three strategies to effectively improve the training efficiency. Experimental results on multiple datasets show that our proposed detectors significantly outperform the other baselines against multiple state-of-the-art graph adversarial attackers with various attack strategies. The proposed \\n<italic>Det-RL\\n detector achieves an averaged area under curve (AUC) of \\n<inline-formula><tex-math>$0.945$</tex-math></inline-formula>\\n against all the attackers, and our efficiency-improving strategies are able save up to \\n<inline-formula><tex-math>$91$</tex-math></inline-formula>\\n% of the training time.\",\"PeriodicalId\":13044,\"journal\":{\"name\":\"IEEE Transactions on Computational Social Systems\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":4.5000,\"publicationDate\":\"2024-01-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Computational Social Systems\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10414418/\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, CYBERNETICS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Computational Social Systems","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10414418/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, CYBERNETICS","Score":null,"Total":0}

引用次数: 0

摘要

图神经网络（GNN）可以实现许多新奇的应用，并且性能卓越。然而，图对抗攻击会故意在图中添加微小扰动，严重降低图神经网络的性能。以往的应对措施通常是通过增强模型的鲁棒性来处理此类攻击。然而，鲁棒性模型无法识别对抗性攻击的目标节点，因此我们无法精确定位薄弱点，也无法分析攻击的原因或目标。在本文中，我们研究了在黑盒检测场景下检测图对抗攻击的目标节点这一重要研究课题。由于我们的检测模型对攻击者一无所知，而攻击者通常采用不引人注意的策略以尽量减少被检测到的机会，因此检测目标节点尤其具有挑战性。据我们所知，这是第一项在黑盒检测器场景下检测图对抗攻击目标节点的工作。我们提出了两种检测模型，分别命名为 Det-H 和 Det-RL，它们采用了不同的技术，能在黑盒检测场景下有效地检测出目标节点，以对抗各种图对抗攻击。为了增强所提检测器的通用性，我们进一步提出了两种新型代理攻击者，它们能够生成有效的攻击示例，并伪装其攻击痕迹以训练健壮的检测器。此外，我们还提出了三种有效提高训练效率的策略。在多个数据集上的实验结果表明，我们提出的检测器在对抗多种攻击策略的最先进图对抗攻击者时，性能明显优于其他基线检测器。所提出的 Det-RL 检测器在对抗所有攻击者时的平均曲线下面积（AUC）达到了 0.945 美元，而我们的提高效率策略能够节省高达 91% 的训练时间。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Detecting Targets of Graph Adversarial Attacks With Edge and Feature Perturbations

Graph neural networks (GNNs) enable many novel applications and achieve excellent performance. However, their performance may be significantly degraded by the graph adversarial attacks, which intentionally add small perturbations to the graph. Previous countermeasures usually handle such attacks by enhancing model robustness. However, robust models cannot identify the target nodes of the adversarial attacks, and thus we are unable to pinpoint the weak spots and analyze the causes or the targets of the attacks. In this article, we study the important research problem to detect the target nodes of graph adversarial attacks under the black-box detection scenario, which is particularly challenging because our detection models do not have any knowledge about the attacker, while the attackers usually employ unnoticeability strategies to minimize the chance of being detected. To our best knowledge, this is the first work that aims at detecting the target nodes of graph adversarial attacks under the black-box detector scenario. We propose two detection models, named Det-H and Det-RL , which employ different techniques that effectively detect the target nodes under the black-box detection scenario against various graph adversarial attacks. To enhance the generalization of the proposed detectors, we further propose two novel surrogate attackers that are able to generate effective attack examples and camouflage their attack traces for training robust detectors. In addition, we propose three strategies to effectively improve the training efficiency. Experimental results on multiple datasets show that our proposed detectors significantly outperform the other baselines against multiple state-of-the-art graph adversarial attackers with various attack strategies. The proposed Det-RL detector achieves an averaged area under curve (AUC) of

$0.945$

against all the attackers, and our efficiency-improving strategies are able save up to

$91$

% of the training time.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Computational Social Systems Social Sciences-Social Sciences (miscellaneous)

CiteScore

10.00

自引率

20.00%

发文量

316

期刊介绍： IEEE Transactions on Computational Social Systems focuses on such topics as modeling, simulation, analysis and understanding of social systems from the quantitative and/or computational perspective. "Systems" include man-man, man-machine and machine-machine organizations and adversarial situations as well as social media structures and their dynamics. More specifically, the proposed transactions publishes articles on modeling the dynamics of social systems, methodologies for incorporating and representing socio-cultural and behavioral aspects in computational modeling, analysis of social system behavior and structure, and paradigms for social systems modeling and simulation. The journal also features articles on social network dynamics, social intelligence and cognition, social systems design and architectures, socio-cultural modeling and representation, and computational behavior modeling, and their applications.