A General Backdoor Attack to Graph Neural Networks Based on Explanation Method.


Graph neural networks (GNNs) have achieved significant performance in many applications (e.g., social spammer detection and Facebook page classification). Recently, backdoor attacks have emerged as a new security threat to the training process of GNNs. Attackers aim to inject backdoors into GNNs such that the attacked model performs well on benign samples, whereas its prediction changes to the target label when the trigger is present. However, existing work on backdoor attacks cannot attack arbitrary nodes effectively or achieve high performance on both nodes with discrete features and nodes with continuous features. In this paper, we propose a general backdoor attack on GNNs that can effectively attack arbitrary nodes while keeping other nodes unaffected as much as possible. We first identify some important edges for a target node using an edge explanation method, and remove these edges if they already exist (or add them if they do not). Then we identify important features using a feature explanation method and use a neural network to optimize these features to obtain feature triggers (i.e., perturbations). Finally, we inject the edge and feature triggers into target nodes to carry out the attack. We evaluate our attack on two aspects: generality and effectiveness. For generality, our attack is effective on both datasets with discrete features and datasets with continuous features. For effectiveness, we randomly select node subsets of different sizes (e.g., 20, 50, 100 nodes) as target nodes, and our attack achieves higher performance than two other state-of-the-art attacks.
Backdoor Attack, GNN, Node Classification, Explanation Method