Transferability of features for neural networks links to adversarial attacks and defences

Kotyan, Shashank; Matsuki, Moe; Vargas, Danilo Vasconcellos

doi:10.1371/journal.pone.0266060

Cited by 1 publication

(1 citation statement)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This research enhances the robustness of graph neural networks, ensuring their security and reliability in practical applications. Adversarial attacks have been extensively studied in the field of deep learning [ 13 , 14 ].…”

Section: Introductionmentioning

confidence: 99%

MCGCL:Adversarial attack on graph contrastive learning based on momentum gradient candidates

Zhang,

Qin,

Zhang

2024

PLoS ONE

View full text Add to dashboard Cite

In the context of existing adversarial attack schemes based on unsupervised graph contrastive learning, a common issue arises due to the discreteness of graph structures, leading to reduced reliability of structural gradients and consequently resulting in the problem of attacks getting trapped in local optima. An adversarial attack method based on momentum gradient candidates is proposed in this research. Firstly, the gradients obtained by back-propagation are transformed into momentum gradients, and the gradient update is guided by overlaying the previous gradient information in a certain proportion to accelerate convergence speed and improve the accuracy of gradient update. Secondly, the exploratory process of candidate and evaluation is carried out by summing the momentum gradients of the two views and ranking them in descending order of saliency. In this process, selecting adversarial samples with stronger perturbation effects effectively improves the success rate of adversarial attacks. Finally, extensive experiments were conducted on three different datasets, and our generated adversarial samples were evaluated against contrastive learning models across two downstream tasks. The results demonstrate that the attack strategy proposed outperforms existing methods, significantly improving convergence speed. In the link prediction task, targeting the Cora dataset with perturbation rates of 0.05 and 0.1, the attack performance outperforms all baseline tasks, including the supervised baseline methods. The attack method is also transferred to other graph representation models, validating the method’s strong transferability.

show abstract

Section: Introductionmentioning

confidence: 99%