TY - GEN
T1 - Exploring Robustness of GNN against Universal Injection Attack from a Worst-case Perspective
AU - Ni, Dandan
AU - Zhang, Sheng
AU - Deng, Cong
AU - Liu, Han
AU - Chen, Gang
AU - Cheng, Minhao
AU - Chen, Hongyang
N1 - Publisher Copyright: © 2024 ACM.
PY - 2024/10/21
Y1 - 2024/10/21
N2 - Recently, graph neural networks (GNNs) have demonstrated outstanding performance in fundamental tasks such as node classification and link prediction, as well as in specialized domains like recommendation systems, fraud detection, and drug discovery. However, their vulnerability to adversarial attacks raises concerns about their reliability in security-critical areas. To address this issue, researchers are exploring various defense methods, including specific attack countermeasures and certifiable robustness approaches. Nevertheless, these strategies are often effective only against limited attack scenarios, and prevailing certification methods prove inadequate when confronted with injection attacks. In this paper, we propose a method named CERT_UIA to enhance the robustness of GNN models against worst-case attacks, specifically targeting the scenario of Universal node Injection Attacks (UIA), thereby filling a gap in the existing literature on certified robustness in this context. Our approach involves a two-stage attack process that replaces the transformations of the topology and feature spaces with equivalent unified feature transformations, unifying the optimization of worst-case perturbations into a single feature space. Furthermore, we empirically evaluate our method on several benchmark datasets and compare it with existing certified methods.
UR - http://www.scopus.com/inward/record.url?scp=85210012677&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85210012677&partnerID=8YFLogxK
U2 - 10.1145/3627673.3679862
DO - 10.1145/3627673.3679862
M3 - Conference contribution
AN - SCOPUS:85210012677
T3 - International Conference on Information and Knowledge Management, Proceedings
SP - 1785
EP - 1794
BT - CIKM 2024 - Proceedings of the 33rd ACM International Conference on Information and Knowledge Management
PB - Association for Computing Machinery
T2 - 33rd ACM International Conference on Information and Knowledge Management, CIKM 2024
Y2 - 21 October 2024 through 25 October 2024
ER -