Uncertainty-Matching Graph Neural Networks to Defend Against Poisoning Attacks
- URL: http://arxiv.org/abs/2009.14455v1
- Date: Wed, 30 Sep 2020 05:29:42 GMT
- Title: Uncertainty-Matching Graph Neural Networks to Defend Against Poisoning Attacks
- Authors: Uday Shankar Shanthamallu, Jayaraman J. Thiagarajan and Andreas Spanias
- Abstract summary: Graph Neural Networks (GNNs) are generalizations of neural networks to graph-structured data.
GNNs are vulnerable to adversarial attacks, i.e., a small perturbation to the structure can lead to a non-trivial performance degradation.
We propose Uncertainty Matching GNN (UM-GNN), that is aimed at improving the robustness of GNN models.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Graph Neural Networks (GNNs), a generalization of neural networks to
graph-structured data, are often implemented using message passes between
entities of a graph. While GNNs are effective for node classification, link
prediction and graph classification, they are vulnerable to adversarial
attacks, i.e., a small perturbation to the structure can lead to a non-trivial
performance degradation. In this work, we propose Uncertainty Matching GNN
(UM-GNN), that is aimed at improving the robustness of GNN models, particularly
against poisoning attacks to the graph structure, by leveraging epistemic
uncertainties from the message passing framework. More specifically, we propose
to build a surrogate predictor that does not directly access the graph
structure, but systematically extracts reliable knowledge from a standard GNN
through a novel uncertainty-matching strategy. Interestingly, this uncoupling
makes UM-GNN immune to evasion attacks by design, and achieves significantly
improved robustness against poisoning attacks. Using empirical studies with
standard benchmarks and a suite of global and target attacks, we demonstrate
the effectiveness of UM-GNN, when compared to existing baselines including the
state-of-the-art robust GCN.
Related papers
- Provable Robustness of (Graph) Neural Networks Against Data Poisoning and Backdoor Attacks [50.87615167799367]
We certify Graph Neural Networks (GNNs) against poisoning attacks, including backdoors, targeting the node features of a given graph.
Our framework provides fundamental insights into the role of graph structure and its connectivity on the worst-case behavior of convolution-based and PageRank-based GNNs.
arXiv Detail & Related papers (2024-07-15T16:12:51Z)
- Explainable AI Security: Exploring Robustness of Graph Neural Networks to Adversarial Attacks [14.89001880258583]
Graph neural networks (GNNs) have achieved tremendous success, but recent studies have shown that GNNs are vulnerable to adversarial attacks.
We investigate the adversarial robustness of GNNs by considering graph data patterns, model-specific factors, and the transferability of adversarial examples.
This work illuminates the vulnerabilities of GNNs and opens many promising avenues for designing robust GNNs.
arXiv Detail & Related papers (2024-06-20T01:24:18Z)
- A Simple and Yet Fairly Effective Defense for Graph Neural Networks [18.140756786259615]
Graph Neural Networks (GNNs) have emerged as the dominant approach for machine learning on graph-structured data.
Existing defense methods against small adversarial perturbations suffer from high time complexity.
This paper introduces NoisyGNNs, a novel defense method that incorporates noise into the underlying model's architecture.
arXiv Detail & Related papers (2024-02-21T18:16:48Z)
- HGAttack: Transferable Heterogeneous Graph Adversarial Attack [63.35560741500611]
Heterogeneous Graph Neural Networks (HGNNs) are increasingly recognized for their performance in areas like the web and e-commerce.
This paper introduces HGAttack, the first dedicated gray box evasion attack method for heterogeneous graphs.
arXiv Detail & Related papers (2024-01-18T12:47:13Z)
- Graph Agent Network: Empowering Nodes with Inference Capabilities for Adversarial Resilience [50.460555688927826]
We propose the Graph Agent Network (GAgN) to address the vulnerabilities of graph neural networks (GNNs).
GAgN is a graph-structured agent network in which each node is designed as a 1-hop-view agent.
Agents' limited view prevents malicious messages from propagating globally in GAgN, thereby resisting global-optimization-based secondary attacks.
arXiv Detail & Related papers (2023-06-12T07:27:31Z)
- Resisting Graph Adversarial Attack via Cooperative Homophilous Augmentation [60.50994154879244]
Recent studies show that Graph Neural Networks are vulnerable and easily fooled by small perturbations.
In this work, we focus on the emerging but critical attack, namely, Graph Injection Attack.
We propose a general defense framework CHAGNN against GIA through cooperative homophilous augmentation of graph data and model.
arXiv Detail & Related papers (2022-11-15T11:44:31Z)
- A Hard Label Black-box Adversarial Attack Against Graph Neural Networks [25.081630882605985]
We conduct a systematic study on adversarial attacks against GNNs for graph classification via perturbing the graph structure.
We formulate our attack as an optimization problem, whose objective is to minimize the number of edges to be perturbed in a graph while maintaining the high attack success rate.
Our experimental results on three real-world datasets demonstrate that our attack can effectively attack representative GNNs for graph classification with fewer queries and perturbations.
arXiv Detail & Related papers (2021-08-21T14:01:34Z)
- Graph Backdoor [53.70971502299977]
We present GTA, the first backdoor attack on graph neural networks (GNNs).
GTA departs in significant ways: it defines triggers as specific subgraphs, including both topological structures and descriptive features.
It can be instantiated for both transductive (e.g., node classification) and inductive (e.g., graph classification) tasks.
arXiv Detail & Related papers (2020-06-21T19:45:30Z)
- GNNGuard: Defending Graph Neural Networks against Adversarial Attacks [16.941548115261433]
We develop GNNGuard, an algorithm to defend against a variety of training-time attacks that perturb the discrete graph structure.
GNNGuard learns how to best assign higher weights to edges connecting similar nodes while pruning edges between unrelated nodes.
Experiments show that GNNGuard outperforms existing defense approaches by 15.3% on average.
arXiv Detail & Related papers (2020-06-15T06:07:46Z)