TL;DR
This paper investigates the vulnerability of graph neural networks to adversarial attacks, introducing methods to generate subtle perturbations that significantly degrade model performance and transfer across different models.
Contribution
First study of adversarial attacks on attributed graphs, including both test-time and training-phase poisoning attacks, with an efficient algorithm for generating unnoticeable perturbations.
Findings
Adversarial perturbations drastically reduce node classification accuracy.
Attacks are transferable across different graph models.
Limited knowledge attacks remain effective.
Abstract
Deep learning models for graphs have achieved strong performance for the task of node classification. Despite their proliferation, currently there is no study of their robustness to adversarial attacks. Yet, in domains where they are likely to be used, e.g. the web, adversaries are common. Can deep learning models for graphs be easily fooled? In this work, we introduce the first study of adversarial attacks on attributed graphs, specifically focusing on models exploiting ideas of graph convolutions. In addition to attacks at test time, we tackle the more challenging class of poisoning/causative attacks, which focus on the training phase of a machine learning model. We generate adversarial perturbations targeting the node's features and the graph structure, thus taking the dependencies between instances into account. Moreover, we ensure that the perturbations remain unnoticeable by…
