Hard Label Black Box Node Injection Attack on Graph Neural Networks

• URL: http://arxiv.org/abs/2311.13244v1
• Date: Wed, 22 Nov 2023 09:02:04 GMT
• Title: Hard Label Black Box Node Injection Attack on Graph Neural Networks
• Authors: Yu Zhou, Zihao Dong, Guofeng Zhang, Jingchen Tang
• Abstract summary: We will propose a non-targeted Hard Label Black Box Node Injection Attack on Graph Neural Networks. Our attack is based on an existing edge perturbation attack, from which we restrict the optimization process to formulate a node injection attack. In the work, we will evaluate the performance of the attack using three datasets.
• Score: 7.176182084359572
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: While graph neural networks have achieved state-of-the-art performances in many real-world tasks including graph classification and node classification, recent works have demonstrated they are also extremely vulnerable to adversarial attacks. Most previous works have focused on attacking node classification networks under impractical white-box scenarios. In this work, we will propose a non-targeted Hard Label Black Box Node Injection Attack on Graph Neural Networks, which to the best of our knowledge, is the first of its kind. Under this setting, more real world tasks can be studied because our attack assumes no prior knowledge about (1): the model architecture of the GNN we are attacking; (2): the model's gradients; (3): the output logits of the target GNN model. Our attack is based on an existing edge perturbation attack, from which we restrict the optimization process to formulate a node injection attack. In the work, we will evaluate the performance of the attack using three datasets, COIL-DEL, IMDB-BINARY, and NCI1.

Related papers

• Link Stealing Attacks Against Inductive Graph Neural Networks [60.931106032824275]
  A graph neural network (GNN) is a type of neural network that is specifically designed to process graph-structured data. Previous work has shown that transductive GNNs are vulnerable to a series of privacy attacks. This paper conducts a comprehensive privacy analysis of inductive GNNs through the lens of link stealing attacks.
  arXiv  Detail & Related papers  (2024-05-09T14:03:52Z)
• Let Graph be the Go Board: Gradient-free Node Injection Attack for Graph Neural Networks via Reinforcement Learning [37.4570186471298]
  We study the problem of black-box node injection attack, without training a potentially misleading surrogate model. By directly querying the victim model, G2A2C learns to inject highly malicious nodes with extremely limited attacking budgets. We demonstrate the superior performance of our proposed G2A2C over the existing state-of-the-art attackers.
  arXiv  Detail & Related papers  (2022-11-19T19:37:22Z)
• Sparse Vicious Attacks on Graph Neural Networks [3.246307337376473]
  This work focuses on a specific, white-box attack to GNN-based link prediction models. We propose SAVAGE, a novel framework and a method to mount this type of link prediction attacks. Experiments conducted on real-world and synthetic datasets demonstrate that adversarial attacks implemented through SAVAGE indeed achieve high attack success rate.
  arXiv  Detail & Related papers  (2022-09-20T12:51:24Z)
• Model Inversion Attacks against Graph Neural Networks [65.35955643325038]
  We study model inversion attacks against Graph Neural Networks (GNNs) In this paper, we present GraphMI to infer the private training graph data. Our experimental results show that such defenses are not sufficiently effective and call for more advanced defenses against privacy attacks.
  arXiv  Detail & Related papers  (2022-09-16T09:13:43Z)
• Bandits for Structure Perturbation-based Black-box Attacks to Graph Neural Networks with Theoretical Guarantees [60.61846004535707]
  Graph neural networks (GNNs) have achieved state-of-the-art performance in many graph-based tasks. An attacker can mislead GNN models by slightly perturbing the graph structure. In this paper, we consider black-box attacks to GNNs with structure perturbation as well as with theoretical guarantees.
  arXiv  Detail & Related papers  (2022-05-07T04:17:25Z)
• A Hard Label Black-box Adversarial Attack Against Graph Neural Networks [25.081630882605985]
  We conduct a systematic study on adversarial attacks against GNNs for graph classification via perturbing the graph structure. We formulate our attack as an optimization problem, whose objective is to minimize the number of edges to be perturbed in a graph while maintaining the high attack success rate. Our experimental results on three real-world datasets demonstrate that our attack can effectively attack representative GNNs for graph classification with less queries and perturbations.
  arXiv  Detail & Related papers  (2021-08-21T14:01:34Z)
• Black-box Gradient Attack on Graph Neural Networks: Deeper Insights in Graph-based Attack and Defense [3.3504365823045035]
  Graph Neural Networks (GNNs) have received significant attention due to their state-of-the-art performance on various graph representation learning tasks. Recent studies reveal that GNNs are vulnerable to adversarial attacks, i.e. an attacker is able to fool the GNNs by perturbing the graph structure or node features deliberately. Most existing attacking algorithms require access to either the model parameters or the training data, which is not practical in the real world.
  arXiv  Detail & Related papers  (2021-04-30T15:30:47Z)
• Adversarial Attack on Large Scale Graph [58.741365277995044]
  Recent studies have shown that graph neural networks (GNNs) are vulnerable against perturbations due to lack of robustness. Currently, most works on attacking GNNs are mainly using gradient information to guide the attack and achieve outstanding performance. We argue that the main reason is that they have to use the whole graph for attacks, resulting in the increasing time and space complexity as the data scale grows. We present a practical metric named Degree Assortativity Change (DAC) to measure the impacts of adversarial attacks on graph data.
  arXiv  Detail & Related papers  (2020-09-08T02:17:55Z)
• Adversarial Attack on Hierarchical Graph Pooling Neural Networks [14.72310134429243]
  We study the robustness of graph neural networks (GNNs) for graph classification tasks. In this paper, we propose an adversarial attack framework for the graph classification task. To the best of our knowledge, this is the first work on the adversarial attack against hierarchical GNN-based graph classification models.
  arXiv  Detail & Related papers  (2020-05-23T16:19:47Z)
• Graph Structure Learning for Robust Graph Neural Networks [63.04935468644495]
  Graph Neural Networks (GNNs) are powerful tools in representation learning for graphs. Recent studies show that GNNs are vulnerable to carefully-crafted perturbations, called adversarial attacks. We propose a general framework Pro-GNN, which can jointly learn a structural graph and a robust graph neural network model.
  arXiv  Detail & Related papers  (2020-05-20T17:07:05Z)
• Stealing Links from Graph Neural Networks [72.85344230133248]
  Recently, neural networks were extended to graph data, which are known as graph neural networks (GNNs) Due to their superior performance, GNNs have many applications, such as healthcare analytics, recommender systems, and fraud detection. We propose the first attacks to steal a graph from the outputs of a GNN model that is trained on the graph.
  arXiv  Detail & Related papers  (2020-05-05T13:22:35Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.