Adversarial Attack on Graph Structured Data

TL;DR

This paper investigates the vulnerability of graph neural networks to adversarial attacks that modify graph structures, proposing reinforcement learning, genetic algorithms, and gradient-based methods, and demonstrating their effectiveness on synthetic and real data.

Contribution

It introduces novel adversarial attack methods for graph data, including a reinforcement learning approach that requires only label predictions, and evaluates their impact on GNN robustness.

Findings

Graph neural networks are vulnerable to structure-modifying attacks.

Proposed methods successfully fool GNN models on various datasets.

Attacks can also serve as diagnostic tools for model robustness.

Abstract

Deep learning on graph structures has shown exciting results in various applications. However, few attentions have been paid to the robustness of such models, in contrast to numerous research work for image or text adversarial attack and defense. In this paper, we focus on the adversarial attacks that fool the model by modifying the combinatorial structure of data. We first propose a reinforcement learning based attack method that learns the generalizable attack policy, while only requiring prediction labels from the target classifier. Also, variants of genetic algorithms and gradient methods are presented in the scenario where prediction confidence or gradients are available. We use both synthetic and real-world data to show that, a family of Graph Neural Network models are vulnerable to these attacks, in both graph-level and node-level classification tasks. We also show such attacks can be used to diagnose the learned classifiers.