Cost Aware Untargeted Poisoning Attack against Graph Neural Networks,

• URL: http://arxiv.org/abs/2312.07158v1
• Date: Tue, 12 Dec 2023 10:54:02 GMT
• Title: Cost Aware Untargeted Poisoning Attack against Graph Neural Networks,
• Authors: Yuwei Han, Yuni Lai, Yulin Zhu and Kai Zhou
• Abstract summary: We propose a novel attack loss framework called the Cost Aware Poisoning Attack (CA-attack) to improve the allocation of the attack budget. Our experiments demonstrate that the proposed CA-attack significantly enhances existing attack strategies.
• Score: 5.660584039688214
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Graph Neural Networks (GNNs) have become widely used in the field of graph mining. However, these networks are vulnerable to structural perturbations. While many research efforts have focused on analyzing vulnerability through poisoning attacks, we have identified an inefficiency in current attack losses. These losses steer the attack strategy towards modifying edges targeting misclassified nodes or resilient nodes, resulting in a waste of structural adversarial perturbation. To address this issue, we propose a novel attack loss framework called the Cost Aware Poisoning Attack (CA-attack) to improve the allocation of the attack budget by dynamically considering the classification margins of nodes. Specifically, it prioritizes nodes with smaller positive margins while postponing nodes with negative margins. Our experiments demonstrate that the proposed CA-attack significantly enhances existing attack strategies

Related papers

• Robustness-Inspired Defense Against Backdoor Attacks on Graph Neural Networks [30.82433380830665]
  Graph Neural Networks (GNNs) have achieved promising results in tasks such as node classification and graph classification. Recent studies reveal that GNNs are vulnerable to backdoor attacks, posing a significant threat to their real-world adoption. We propose using random edge dropping to detect backdoors and theoretically show that it can efficiently distinguish poisoned nodes from clean ones.
  arXiv  Detail & Related papers  (2024-06-14T08:46:26Z)
• Minimum Topology Attacks for Graph Neural Networks [70.17791814425148]
  Graph Neural Networks (GNNs) have received significant attention for their robustness to adversarial topology attacks. We propose a new type of topology attack, named minimum-budget topology attack, aiming to adaptively find the minimum perturbation sufficient for a successful attack on each node.
  arXiv  Detail & Related papers  (2024-03-05T07:29:12Z)
• Towards Reasonable Budget Allocation in Untargeted Graph Structure Attacks via Gradient Debias [50.628150015907565]
  Cross-entropy loss function is used to evaluate perturbation schemes in classification tasks. Previous methods use negative cross-entropy loss as the attack objective in attacking node-level classification models. This paper argues about the previous unreasonable attack objective from the perspective of budget allocation.
  arXiv  Detail & Related papers  (2023-03-29T13:02:02Z)
• Resisting Graph Adversarial Attack via Cooperative Homophilous Augmentation [60.50994154879244]
  Recent studies show that Graph Neural Networks are vulnerable and easily fooled by small perturbations. In this work, we focus on the emerging but critical attack, namely, Graph Injection Attack. We propose a general defense framework CHAGNN against GIA through cooperative homophilous augmentation of graph data and model.
  arXiv  Detail & Related papers  (2022-11-15T11:44:31Z)
• Adversarial Camouflage for Node Injection Attack on Graphs [64.5888846198005]
  Node injection attacks on Graph Neural Networks (GNNs) have received increasing attention recently, due to their ability to degrade GNN performance with high attack success rates. Our study indicates that these attacks often fail in practical scenarios, since defense/detection methods can easily identify and remove the injected nodes. To address this, we devote to camouflage node injection attack, making injected nodes appear normal and imperceptible to defense/detection methods.
  arXiv  Detail & Related papers  (2022-08-03T02:48:23Z)
• Adversarial Attack on Graph Neural Networks as An Influence Maximization Problem [12.88476464580968]
  Graph neural networks (GNNs) have attracted increasing interests. There is an urgent need for understanding the robustness of GNNs under adversarial attacks.
  arXiv  Detail & Related papers  (2021-06-21T00:47:44Z)
• Generating Adversarial Examples with Graph Neural Networks [26.74003742013481]
  We propose a novel attack based on a graph neural network (GNN) that takes advantage of the strengths of both approaches. We show that our method beats state-of-the-art adversarial attacks, including PGD-attack, MI-FGSM, and Carlini and Wagner attack. We provide a new challenging dataset specifically designed to allow for a more illustrative comparison of adversarial attacks.
  arXiv  Detail & Related papers  (2021-05-30T22:46:41Z)
• Uncertainty-Matching Graph Neural Networks to Defend Against Poisoning Attacks [43.60973654460398]
  Graph Neural Networks (GNNs) are generalizations of neural networks to graph-structured data. GNNs are vulnerable to adversarial attacks, i.e., a small perturbation to the structure can lead to a non-trivial performance degradation. We propose Uncertainty Matching GNN (UM-GNN), that is aimed at improving the robustness of GNN models.
  arXiv  Detail & Related papers  (2020-09-30T05:29:42Z)
• Towards More Practical Adversarial Attacks on Graph Neural Networks [14.78539966828287]
  We study the black-box attacks on graph neural networks (GNNs) under a novel and realistic constraint. We show that the structural inductive biases of GNN models can be an effective source for this type of attacks.
  arXiv  Detail & Related papers  (2020-06-09T05:27:39Z)
• AN-GCN: An Anonymous Graph Convolutional Network Defense Against Edge-Perturbing Attack [53.06334363586119]
  Recent studies have revealed the vulnerability of graph convolutional networks (GCNs) to edge-perturbing attacks. We first generalize the formulation of edge-perturbing attacks and strictly prove the vulnerability of GCNs to such attacks in node classification tasks. Following this, an anonymous graph convolutional network, named AN-GCN, is proposed to counter edge-perturbing attacks.
  arXiv  Detail & Related papers  (2020-05-06T08:15:24Z)
• Adversarial Attacks and Defenses on Graphs: A Review, A Tool and Empirical Studies [73.39668293190019]
  Adversary attacks can be easily fooled by small perturbation on the input. Graph Neural Networks (GNNs) have been demonstrated to inherit this vulnerability. In this survey, we categorize existing attacks and defenses, and review the corresponding state-of-the-art methods.
  arXiv  Detail & Related papers  (2020-03-02T04:32:38Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.