圖神經網路之後門注入式攻擊

Abstract

本文介紹了一種新穎的方法，BAGNN，用於圖形基礎的後門攻擊領域。BAGNN將經典的圖形分類問題的探索範疇擴展到注入攻擊場景，利用強化學習技術，特別是 Q 學習和深度 Q 學習。通過檢視狀態、行動和獎勵動態，構建了精密的後門注入攻擊方法。在多個資料集上的評估顯示了令人鼓舞的結果，展示了 BAGNN在攻擊成功率和誤分類信心方面的效能，並對良性準確性的影響最小。該研究強調了創建防禦對抗攻擊的安全模型的重要性，同時也強調了需要強大的對抗模型。本研究拓寬了我們對圖形任務的對抗攻擊的理解，並識別了進一步探索的可能途徑，如在更大的數據集上進行驗證以及探查更複雜的攻擊情境。

This paper introduces a novel method, BAGNN, to the field of graph-based backdoor attacks. BAGNN extends the exploration of the classic graph classification problem to injection attack scenarios, utilizing reinforcement learning techniques, specifically Q-learning and Deep Q-learning. By examining state, action, and reward dynamics, sophisticated backdoor injection attack methods are constructed. Evaluations reveal promising results across multiple datasets, showcasing BAGNN’s effectiveness in attack success rate and misclassification confidence, with minimal impact on benign accuracy. The study underscores the importance of creating secure models against adversarial attacks while also emphasizing the need for robust adversarial models. This research broadens our understanding of adversarial attacks on graph tasks, identifying potential avenues for further exploration such as validation on larger datasets and probing more complex attack scenarios.