Litcius/Paper detail

Poster

Jing Xu, Stjepan Picek

2022Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security24 citationsDOIOpen Access PDF

Abstract

Graph Neural Networks (GNNs) have achieved impressive results in various graph learning tasks. They have found their way into many applications, such as fraud detection, molecular property prediction, or knowledge graph reasoning. However, GNNs have been recently demonstrated to be vulnerable to backdoor attacks. In this work, we explore a new kind of backdoor attack, i.e., a clean-label backdoor attack, on GNNs. Unlike prior backdoor attacks on GNNs in which the adversary can introduce arbitrary, often clearly mislabeled, inputs to the training set, in a clean-label backdoor attack, the resulting poisoned inputs appear to be consistent with their label and thus are less likely to be filtered as outliers. The initial experimental results illustrate that the adversary can achieve a high attack success rate (up to 98.47%) with a clean-label backdoor attack on GNNs for the graph classification task. We hope our work will raise awareness of this attack and inspire novel defenses against it.

Topics & Concepts

BackdoorAdversaryComputer scienceComputer securityGraphTask (project management)Artificial intelligenceOutlierMachine learningTheoretical computer scienceEngineeringSystems engineeringAdversarial Robustness in Machine LearningAdvanced Graph Neural NetworksNetwork Security and Intrusion Detection
Poster | Litcius