Generating Adversarial Examples with Graph Neural Networks
- URL: http://arxiv.org/abs/2105.14644v1
- Date: Sun, 30 May 2021 22:46:41 GMT
- Title: Generating Adversarial Examples with Graph Neural Networks
- Authors: Florian Jaeckle and M. Pawan Kumar
- Abstract summary: We propose a novel attack based on a graph neural network (GNN) that takes advantage of the strengths of both approaches.
We show that our method beats state-of-the-art adversarial attacks, including PGD-attack, MI-FGSM, and Carlini and Wagner attack.
We provide a new challenging dataset specifically designed to allow for a more illustrative comparison of adversarial attacks.
- Score: 26.74003742013481
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Recent years have witnessed the deployment of adversarial attacks to evaluate
the robustness of Neural Networks. Past work in this field has relied on
traditional optimization algorithms that ignore the inherent structure of the
problem and data, or generative methods that rely purely on learning and often
fail to generate adversarial examples where they are hard to find. To alleviate
these deficiencies, we propose a novel attack based on a graph neural network
(GNN) that takes advantage of the strengths of both approaches; we call it
AdvGNN. Our GNN architecture closely resembles the network we wish to attack.
During inference, we perform forward-backward passes through the GNN layers to
guide an iterative procedure towards adversarial examples. During training, its
parameters are estimated via a loss function that encourages the efficient
computation of adversarial examples over a time horizon. We show that our
method beats state-of-the-art adversarial attacks, including PGD-attack,
MI-FGSM, and Carlini and Wagner attack, reducing the time required to generate
adversarial examples with small perturbation norms by over 65%. Moreover,
AdvGNN achieves good generalization performance on unseen networks. Finally, we
provide a new challenging dataset specifically designed to allow for a more
illustrative comparison of adversarial attacks.
Related papers
- HGAttack: Transferable Heterogeneous Graph Adversarial Attack [63.35560741500611]
Heterogeneous Graph Neural Networks (HGNNs) are increasingly recognized for their performance in areas like the web and e-commerce.
This paper introduces HGAttack, the first dedicated gray box evasion attack method for heterogeneous graphs.
arXiv Detail & Related papers (2024-01-18T12:47:13Z)
- Everything Perturbed All at Once: Enabling Differentiable Graph Attacks [61.61327182050706]
Graph neural networks (GNNs) have been shown to be vulnerable to adversarial attacks.
We propose a novel attack method called Differentiable Graph Attack (DGA) to efficiently generate effective attacks.
Compared to the state-of-the-art, DGA achieves nearly equivalent attack performance with 6 times less training time and 11 times smaller GPU memory footprint.
arXiv Detail & Related papers (2023-08-29T20:14:42Z)
- Spectral Adversarial Training for Robust Graph Neural Network [36.26575133994436]
Graph Neural Networks (GNNs) are vulnerable to slight but adversarially designed perturbations.
Adversarial Training (AT) is a successful approach to learning a robust model using adversarially perturbed training samples.
We propose Spectral Adversarial Training (SAT), a simple yet effective adversarial training approach for GNNs.
arXiv Detail & Related papers (2022-11-20T07:56:55Z)
- What Does the Gradient Tell When Attacking the Graph Structure [44.44204591087092]
We present a theoretical demonstration revealing that attackers tend to increase inter-class edges due to the message passing mechanism of GNNs.
By connecting dissimilar nodes, attackers can more effectively corrupt node features, making such attacks more advantageous.
We propose an innovative attack loss that balances attack effectiveness and imperceptibility, sacrificing some attack effectiveness to attain greater imperceptibility.
arXiv Detail & Related papers (2022-08-26T15:45:20Z)
- CAP: Co-Adversarial Perturbation on Weights and Features for Improving Generalization of Graph Neural Networks [59.692017490560275]
Adversarial training has been widely demonstrated to improve a model's robustness against adversarial attacks.
It remains unclear how the adversarial training could improve the generalization abilities of GNNs in the graph analytics problem.
We construct the co-adversarial perturbation (CAP) optimization problem in terms of weights and features, and design the alternating adversarial perturbation algorithm to flatten the weight and feature loss landscapes alternately.
arXiv Detail & Related papers (2021-10-28T02:28:13Z)
- Discriminator-Free Generative Adversarial Attack [87.71852388383242]
Generative-based adversarial attacks can get rid of this limitation.
A Symmetric Saliency-based Auto-Encoder (SSAE) generates the perturbations.
The adversarial examples generated by SSAE not only make the widely-used models collapse, but also achieve good visual quality.
arXiv Detail & Related papers (2021-07-20T01:55:21Z)
- Targeted Attack against Deep Neural Networks via Flipping Limited Weight Bits [55.740716446995805]
We study a novel attack paradigm, which modifies model parameters in the deployment stage for malicious purposes.
Our goal is to misclassify a specific sample into a target class without any sample modification.
By utilizing the latest technique in integer programming, we equivalently reformulate this BIP problem as a continuous optimization problem.
arXiv Detail & Related papers (2021-02-21T03:13:27Z)
- Uncertainty-Matching Graph Neural Networks to Defend Against Poisoning Attacks [43.60973654460398]
Graph Neural Networks (GNNs) are generalizations of neural networks to graph-structured data.
GNNs are vulnerable to adversarial attacks, i.e., a small perturbation to the structure can lead to a non-trivial performance degradation.
We propose Uncertainty Matching GNN (UM-GNN), that is aimed at improving the robustness of GNN models.
arXiv Detail & Related papers (2020-09-30T05:29:42Z)
- Optimizing Information Loss Towards Robust Neural Networks [0.0]
Neural Networks (NNs) are vulnerable to adversarial examples.
We present a new training approach we call entropic retraining.
Based on an information-theoretic-inspired analysis, entropic retraining mimics the effects of adversarial training without the need of the laborious generation of adversarial examples.
arXiv Detail & Related papers (2020-08-07T10:12:31Z)
- Towards More Practical Adversarial Attacks on Graph Neural Networks [14.78539966828287]
We study the black-box attacks on graph neural networks (GNNs) under a novel and realistic constraint.
We show that the structural inductive biases of GNN models can be an effective source for this type of attacks.
arXiv Detail & Related papers (2020-06-09T05:27:39Z)
- Graph Structure Learning for Robust Graph Neural Networks [63.04935468644495]
Graph Neural Networks (GNNs) are powerful tools in representation learning for graphs.
Recent studies show that GNNs are vulnerable to carefully-crafted perturbations, called adversarial attacks.
We propose a general framework Pro-GNN, which can jointly learn a structural graph and a robust graph neural network model.
arXiv Detail & Related papers (2020-05-20T17:07:05Z)