Adversarial Attack and Defense on Graph Data: A Survey

Sun, Lichao; Dou, Yingtong; Yang, Carl; Wang, Ji; Yu, Philip S.; He, Lei; Li, Bo

doi:10.48550/arxiv.1812.10528

Cited by 52 publications

(72 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There has been increasing research interest in adversarial attacks on GNNs recently. Detailed expositions of existing literature are made available in a couple of survey papers [12,23]. Given the heterogeneous nature of diverse graph structured data, there are numerous adversarial attack setups for GNN models.…”

Section: Related Workmentioning

confidence: 99%

Adversarial Attack on Graph Neural Networks as An Influence Maximization Problem

Deng¹,

Mei²

2021

Preprint

View full text Add to dashboard Cite

Graph neural networks (GNNs) have attracted increasing interests. With broad deployments of GNNs in real-world applications, there is an urgent need for understanding the robustness of GNNs under adversarial attacks, especially in realistic setups. In this work, we study the problem of attacking GNNs in a restricted and realistic setup, by perturbing the features of a small set of nodes, with no access to model parameters and model predictions. Our formal analysis draws a connection between this type of attacks and an influence maximization problem on the graph. This connection not only enhances our understanding on the problem of adversarial attack on GNNs, but also allows us to propose a group of effective and practical attack strategies. Our experiments verify that the proposed attack strategies significantly degrade the performance of three popular GNN models and outperform baseline adversarial attack strategies.

show abstract

Section: Related Workmentioning

confidence: 99%

Adversarial Attack on Graph Neural Networks as An Influence Maximization Problem

Deng¹,

Mei²

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…How to cope with misbehaved nodes during neighbor aggregation in GNNs. The input node features X, often extracted based on heuristic methods such as TF-IDF, Bag-of-Words, Doc2Vec, etc., are susceptible to such misbehavior as adversarial attacks, camouflages [12,78], or simply imprecise feature selection. Consequently, the numerical embedding of a central node tends to be assimilated by misbehaved neighboring nodes.…”

Section: Problem Scope and Challengesmentioning

confidence: 99%

Reinforced Neighborhood Selection Guided Multi-Relational Graph Neural Networks

Peng¹,

Zhang²,

Dou³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Graph Neural Networks (GNNs) have been widely used for the representation learning of various structured graph data, typically through message passing among nodes by aggregating their neighborhood information via different operations. While promising, most existing GNNs oversimplified the complexity and diversity of the edges in the graph, and thus inefficient to cope with ubiquitous heterogeneous graphs, which are typically in the form of multi-relational graph representations. In this paper, we propose RioGNN, a novel Reinforced, recursive and flexible neighborhood selection guided multi-relational Graph Neural Network architecture, to navigate complexity of neural network structures whilst maintaining relation-dependent representations. We first construct a multi-relational graph, according to the practical task, to reflect the heterogeneity of nodes, edges, attributes and labels. To avoid the embedding over-assimilation among different types of nodes, we employ a label-aware neural similarity measure to ascertain the most similar neighbors based on node attributes. A reinforced relationaware neighbor selection mechanism is developed to choose the most similar neighbors of a targeting node within a relation before aggregating all neighborhood information from different relations to obtain the eventual node embedding. Particularly, to improve the efficiency of neighbor selecting, we propose a new recursive and scalable reinforcement learning framework with estimable depth and width for different scales of multi-relational graphs. RioGNN can learn more discriminative node embedding with enhanced explainability due to the recognition of individual importance of each relation via the filtering threshold mechanism. Comprehensive experiments on real-world graph data and practical tasks demonstrate the advancements of effectiveness, efficiency and the model explainability, as opposed to other comparative GNN models.

show abstract

“…Adversarial learning for networks includes three types of studies: attack, defense, and certifiable robustness [37,21,5]. Adversarial attacks aim to maximally degrade the model performance through perturbing the input data, which includes the modification of node attributes or changes of the network topology.…”

Section: Related Workmentioning

confidence: 99%

Adversarial Robustness of Probabilistic Network Embedding for Link Prediction

Chen

Kang

Lijffijt

et al. 2021

Preprint

View full text Add to dashboard Cite

In today's networked society, many real-world problems can be formalized as predicting links in networks, such as Facebook friendship suggestions, e-commerce recommendations, and the prediction of scientific collaborations in citation networks. Increasingly often, link prediction problem is tackled by means of network embedding methods, owing to their state-of-the-art performance. However, these methods lack transparency when compared to simpler baselines, and as a result their robustness against adversarial attacks is a possible point of concern: could one or a few small adversarial modifications to the network have a large impact on the link prediction performance when using a network embedding model? Prior research has already investigated adversarial robustness for network embedding models, focused on classification at the node and graph level. Robustness with respect to the link prediction downstream task, on the other hand, has been explored much less. This paper contributes to filling this gap, by studying adversarial robustness of Conditional Network Embedding (CNE), a state-of-the-art probabilistic network embedding model, for link prediction. More specifically, given CNE and a network, we measure the sensitivity of the link predictions of the model to small adversarial perturbations of the network, namely changes of the link status of a node pair. Thus, our approach allows one to identify the links and non-links in the network that are most vulnerable to such perturbations, for further investigation by an analyst. We analyze the characteristics of the most and least sensitive perturbations, and empirically confirm that our approach not only succeeds in identifying the most vulnerable links and non-links, but also that it does so in a time-efficient manner thanks to an effective approximation.

show abstract

Adversarial Attack and Defense on Graph Data: A Survey

Cited by 52 publications

References 25 publications

Adversarial Attack on Graph Neural Networks as An Influence Maximization Problem

Adversarial Attack on Graph Neural Networks as An Influence Maximization Problem

Reinforced Neighborhood Selection Guided Multi-Relational Graph Neural Networks

Adversarial Robustness of Probabilistic Network Embedding for Link Prediction

Contact Info

Product

Resources

About