Abstract
Recent work has shown that graph neural networks (GNNs) are vulnerable to adversarial attacks on graph data. Common attack approaches are typically informed, i.e.They have access to information about node attributes such as labels and feature vectors. In this work, we study adversarial attacks that are uninformed, where an attacker only has access to the graph structure, but no information about node attributes. Here the attacker aims to exploit structural knowledge and assumptions, which GNN models make about graph data. In particular, literature has shown that structural node centrality and similarity have a strong influence on learning with GNNs. Therefore, we study the impact of centrality and similarity on adversarial attacks on GNNs. We demonstrate that attackers can exploit this information to decrease the performance of GNNs by focusing on injecting links between nodes of low similarity and, surprisingly, low centrality. We show that structure-based uninformed attacks can approach the performance of informed attacks, while being computationally more efficient. With our paper, we present a new attack strategy on GNNs that we refer to as Structack. Structack can successfully manipulate the performance of GNNs with very limited information while operating under tight computational constraints. Our work contributes towards building more robust machine learning approaches on graphs.
Original language | English |
---|---|
Title of host publication | HT 2021 - Proceedings of the 32nd ACM Conference on Hypertext and Social Media |
Publisher | Association of Computing Machinery |
Pages | 111-120 |
Number of pages | 10 |
ISBN (Electronic) | 9781450385510 |
DOIs | |
Publication status | Published - 30 Aug 2021 |
Event | 32nd ACM Conference on Hypertext and Social Media: HT 2021 - Virtuell, Ireland Duration: 30 Aug 2021 → 2 Sept 2021 |
Conference
Conference | 32nd ACM Conference on Hypertext and Social Media |
---|---|
Abbreviated title | HT 2021 |
Country/Territory | Ireland |
City | Virtuell |
Period | 30/08/21 → 2/09/21 |
Keywords
- adversarial attacks
- graph neural networks
- network centrality
- network similarity
ASJC Scopus subject areas
- Artificial Intelligence
- Computer Graphics and Computer-Aided Design
- Human-Computer Interaction
- Software