BadGraph: A Backdoor Attack Against Latent Diffusion Model for Text-Guided Graph Generation

• URL: http://arxiv.org/abs/2510.20792v2
• Date: Fri, 31 Oct 2025 18:13:14 GMT
• Title: BadGraph: A Backdoor Attack Against Latent Diffusion Model for Text-Guided Graph Generation
• Authors: Liang Ye, Shengqin Chen, Jiazhu Dai,
• Abstract summary: This paper proposes BadGraph, a backdoor attack method against latent diffusion models for text-guided graph generation.<n>Experiments on four benchmark datasets demonstrate the effectiveness and stealth of the attack.
• Score: 0.3736462499137869
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The rapid progress of graph generation has raised new security concerns, particularly regarding backdoor vulnerabilities. While prior work has explored backdoor attacks in image diffusion and unconditional graph generation, conditional, especially text-guided graph generation remains largely unexamined. This paper proposes BadGraph, a backdoor attack method against latent diffusion models for text-guided graph generation. BadGraph leverages textual triggers to poison training data, covertly implanting backdoors that induce attacker-specified subgraphs during inference when triggers appear, while preserving normal performance on clean inputs. Extensive experiments on four benchmark datasets (PubChem, ChEBI-20, PCDes, MoMu) demonstrate the effectiveness and stealth of the attack: less than 10% poisoning rate can achieves 50% attack success rate, while 24% suffices for over 80% success rate, with negligible performance degradation on benign samples. Ablation studies further reveal that the backdoor is implanted during VAE and diffusion training rather than pretraining. These findings reveal the security vulnerabilities in latent diffusion models of text-guided graph generation, highlight the serious risks in models' applications such as drug discovery and underscore the need for robust defenses against the backdoor attack in such diffusion models.

Related papers

• Backdoor Attacks on Discrete Graph Diffusion Models [23.649243273191605]
  We study graph diffusion models against backdoor attacks, a severe attack that manipulates both the training and inference/generation phases.<n>We first define the threat model, under which we design the attack such that the backdoored graph diffusion model can generate 1) high-quality graphs without backdoor activation, 2) effective, stealthy, and persistent backdoored graphs with backdoor activation, and 3) graphs that are permutation invariant and exchangeable--two core properties in graph generative models.
  arXiv  Detail & Related papers  (2025-03-08T21:01:15Z)
• Fine-tuning is Not Fine: Mitigating Backdoor Attacks in GNNs with Limited Clean Data [51.745219224707384]
  Graph Neural Networks (GNNs) have achieved remarkable performance through their message-passing mechanism.<n>Recent studies have highlighted the vulnerability of GNNs to backdoor attacks.<n>In this paper, we propose a practical backdoor mitigation framework, denoted as GRAPHNAD.
  arXiv  Detail & Related papers  (2025-01-10T10:16:35Z)
• CopyrightShield: Enhancing Diffusion Model Security against Copyright Infringement Attacks [61.06621533874629]
  Diffusion models are vulnerable to copyright infringement attacks, where attackers inject strategically modified non-infringing images into the training set.<n>We first propose a defense framework, CopyrightShield, to defend against the above attack.<n> Experimental results demonstrate that CopyrightShield significantly improves poisoned sample detection performance across two attack scenarios.
  arXiv  Detail & Related papers  (2024-12-02T14:19:44Z)
• MADE: Graph Backdoor Defense with Masked Unlearning [24.97718571096943]
  Graph Neural Networks (GNNs) have garnered significant attention from researchers due to their outstanding performance in handling graph-related tasks.<n>Recent research has demonstrated that GNNs are vulnerable to backdoor attacks, implemented by injecting triggers into the training datasets.<n>This vulnerability poses significant security risks for applications of GNNs in sensitive domains, such as drug discovery.
  arXiv  Detail & Related papers  (2024-11-26T22:50:53Z)
• DMGNN: Detecting and Mitigating Backdoor Attacks in Graph Neural Networks [30.766013737094532]
  We propose DMGNN against out-of-distribution (OOD) and in-distribution (ID) graph backdoor attacks. DMGNN can easily identify the hidden ID and OOD triggers via predicting label transitions based on counterfactual explanation. DMGNN far outperforms the state-of-the-art (SOTA) defense methods, reducing the attack success rate to 5% with almost negligible degradation in model performance.
  arXiv  Detail & Related papers  (2024-10-18T01:08:03Z)
• Distributed Backdoor Attacks on Federated Graph Learning and Certified Defenses [50.53476890313741]
  We propose an effective, stealthy, and persistent backdoor attack on FedGL. We develop a certified defense for any backdoored FedGL model against the trigger with any shape at any location. Our attack results show our attack can obtain > 90% backdoor accuracy in almost all datasets.
  arXiv  Detail & Related papers  (2024-07-12T02:43:44Z)
• SEEP: Training Dynamics Grounds Latent Representation Search for Mitigating Backdoor Poisoning Attacks [53.28390057407576]
  Modern NLP models are often trained on public datasets drawn from diverse sources. Data poisoning attacks can manipulate the model's behavior in ways engineered by the attacker. Several strategies have been proposed to mitigate the risks associated with backdoor attacks.
  arXiv  Detail & Related papers  (2024-05-19T14:50:09Z)
• Rethinking Graph Backdoor Attacks: A Distribution-Preserving Perspective [33.35835060102069]
  Graph Neural Networks (GNNs) have shown remarkable performance in various tasks. Backdoor attack poisons the graph by attaching backdoor triggers and the target class label to a set of nodes in the training graph. In this paper, we study a novel problem of unnoticeable graph backdoor attacks with in-distribution (ID) triggers.
  arXiv  Detail & Related papers  (2024-05-17T13:09:39Z)
• Resisting Graph Adversarial Attack via Cooperative Homophilous Augmentation [60.50994154879244]
  Recent studies show that Graph Neural Networks are vulnerable and easily fooled by small perturbations. In this work, we focus on the emerging but critical attack, namely, Graph Injection Attack. We propose a general defense framework CHAGNN against GIA through cooperative homophilous augmentation of graph data and model.
  arXiv  Detail & Related papers  (2022-11-15T11:44:31Z)
• Backdoor Attacks to Graph Neural Networks [73.56867080030091]
  We propose the first backdoor attack to graph neural networks (GNN) In our backdoor attack, a GNN predicts an attacker-chosen target label for a testing graph once a predefined subgraph is injected to the testing graph. Our empirical results show that our backdoor attacks are effective with a small impact on a GNN's prediction accuracy for clean testing graphs.
  arXiv  Detail & Related papers  (2020-06-19T14:51:01Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.