Can Adversarial Network Attack be Defended?

Chen, Jinyin; Wu, Yangyang; Lin, Xiang; Xuan, Qi

doi:10.48550/arxiv.1903.05994

Cited by 7 publications

(14 citation statements)

References 26 publications

(36 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Jin and Zhang [8] introduce latent adversarial training for GCN, which train GCN based on the adversarial perturbed output of the first layer. Besides, several studies explored adversarial training based on adversarial perturbed edges for graph data [31,1,28]. Among these works,part of studies pay attention to achieving model's robustness while ignoring the effect of generalization [31,8,1,28,2] and the others simply utilize perturbations on nodal attributes while not explore the effect of perturbation on edges [3,22,5].…”

Section: Related Workmentioning

confidence: 99%

On Generalization of Graph Autoencoders with Adversarial Training

Huang¹,

Pei²,

Menkovski³

et al. 2021

Preprint

View full text Add to dashboard Cite

Adversarial training is an approach for increasing model's resilience against adversarial perturbations. Such approaches have been demonstrated to result in models with feature representations that generalize better. However, limited works have been done on adversarial training of models on graph data. In this paper, we raise such a question -does adversarial training improve the generalization of graph representations. We formulate L2 and L∞ versions of adversarial training in two powerful node embedding methods: graph autoencoder (GAE) and variational graph autoencoder (VGAE). We conduct extensive experiments on three main applications, i.e. link prediction, node clustering, graph anomaly detection of GAE and VGAE, and demonstrate that both L2 and L∞ adversarial training boost the generalization of GAE and VGAE.

show abstract

Section: Related Workmentioning

confidence: 99%

On Generalization of Graph Autoencoders with Adversarial Training

Huang¹,

Pei²,

Menkovski³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Besides adversarial training, Chen et al [8] trained a distillation GCN model by using the output confidence of the initial GCN as a soft label. Based on graph purification defense, [15] performed low-rank approximation on the graph to reduce the impact of NETTACK.…”

Section: Graph Defensementioning

confidence: 99%

“…In various online data, de-anonymization attacks [22], [23] expose users' private information, which leads to the issues of privacy leakage. Therefore, the attacks [4], [6], [9], [12], [57], [60], [63] and possible defenses [8], [13], [15], [16], [29], [41], [45], [62] research on GNNs has become the hot spot.…”

Section: Introductionmentioning

confidence: 99%

GraphAttacker: A General Multi-Task GraphAttack Framework

Chen¹,

Zhang²,

Ming³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Graph Neural Networks (GNNs) have been successfully exploited in graph analysis tasks in many real-world applications. However, GNNs have been shown to have potential security issues imposed by adversarial samples generated by attackers, which achieved great attack performance with almost imperceptible perturbations. What limit the wide application of these attackers are their methods' specificity on a certain graph analysis task, such as node classification or link prediction. We thus propose GraphAttacker, a novel generic graph attack framework that can flexibly adjust the structures and the attack strategies according to the graph analysis tasks. Based on the Generative Adversarial Network (GAN), GraphAttacker generates adversarial samples through alternate training on three key components, the Multi-strategy Attack Generator (MAG), the Similarity Discriminator (SD), and the Attack Discriminator (AD). Furthermore, to achieve attackers within perturbation budget, we propose a novel Similarity Modification Rate (SMR) to quantify the similarity between nodes thus constrain the attack budget. We carry out extensive experiments and the results show that GraphAttacker can achieve state-of-the-art attack performance on graph analysis tasks of node classification, graph classification, and link prediction. Besides, we also analyze the unique characteristics of each task and their specific response in the unified attack framework. We will release GraphAttacker as an open-source simulation platform for future attack researches.

show abstract

“…Other adversarial-based models are fed with adversarial samples during the training process, which helps the model learn to adjust to adversarial samples and thus reduces the negative impacts of those potential attack samples. [73], [54], [23] are the scenarios of the former one, while [10], [67], [21] and [26] are the scenarios of the latter one.…”

Section: Taxonomies Of Defensesmentioning

confidence: 99%

“…In particular, we first introduced some common metrics for both defense and attack, and then introduce some metrics provided in their respective work in three categories: effectiveness, efficiency, and imperceptibility. For instance, the Attack Success Rate (ASR) [9] and the Average Defense Rate (ADR) [10] are proposed to measure the effectiveness of attack and defense, respectively.…”

Section: Introductionmentioning

confidence: 99%

A Survey of Adversarial Learning on Graphs

Chen¹,

Li²,

Peng

et al. 2020

Preprint

View full text Add to dashboard Cite

Deep learning models on graphs have achieved remarkable performance in various graph analysis tasks, e.g., node classification, link prediction and graph clustering. However, they expose uncertainty and unreliability against the well-designed inputs, i.e., adversarial examples. Accordingly, various studies have emerged for both attack and defense addressed in different graph analysis tasks, leading to the arms race in graph adversarial learning. For instance, the attacker has poisoning and evasion attack, and the defense group correspondingly has preprocessing-and adversarial-based methods. Despite the booming works, there still lacks a unified problem definition and a comprehensive review. To bridge this gap, we investigate and summarize the existing works on graph adversarial learning tasks systemically. Specifically, we survey and unify the existing works w.r.t. attack and defense in graph analysis tasks, and give proper definitions and taxonomies at the same time. Besides, we emphasize the importance of related evaluation metrics, and investigate and summarize them comprehensively. Hopefully, our works can serve as a reference for the relevant researchers, thus providing assistance for their studies. More details of our works are available at https://github.com/gitgiter/Graph-Adversarial-Learning.

show abstract

Can Adversarial Network Attack be Defended?

Cited by 7 publications

References 26 publications

On Generalization of Graph Autoencoders with Adversarial Training

On Generalization of Graph Autoencoders with Adversarial Training

GraphAttacker: A General Multi-Task GraphAttack Framework

A Survey of Adversarial Learning on Graphs

Contact Info

Product

Resources

About