Adversarial Attack Framework on Graph Embedding Models with Limited Knowledge
Heng Chang, Yu Rong, Tingyang Xu, Wenbing Huang, Honglei Zhang, Peng, Cui, Xin Wang, Wenwu Zhu, Junzhou Huang
TL;DR
This paper introduces GF-Attack, a black-box adversarial attack framework on graph embedding models that leverages graph signal processing theory, enabling effective attacks without access to model predictions or labels.
Contribution
It formulates graph embedding as a graph signal process and develops GF-Attack, a generalized attack method applicable across various models without needing model details.
Findings
GF-Attack effectively attacks multiple graph embedding models.
The method performs well without knowledge of model layers.
Experiments show strong attack performance on benchmark datasets.
Abstract
With the success of the graph embedding model in both academic and industry areas, the robustness of graph embedding against adversarial attack inevitably becomes a crucial problem in graph learning. Existing works usually perform the attack in a white-box fashion: they need to access the predictions/labels to construct their adversarial loss. However, the inaccessibility of predictions/labels makes the white-box attack impractical to a real graph learning system. This paper promotes current frameworks in a more general and flexible sense -- we demand to attack various kinds of graph embedding models with black-box driven. We investigate the theoretical connections between graph signal processing and graph embedding models and formulate the graph embedding model as a general graph signal process with a corresponding graph filter. Therefore, we design a generalized adversarial attacker:…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.