DeepInsight: Interpretability Assisting Detection of Adversarial Samples on Graphs

TL;DR

This paper explores how different adversarial attack methods target graph neural networks, identifies key network attributes for detection, and develops models that effectively recognize adversarial samples and attack types.

Contribution

It introduces a novel analysis of attack preferences based on network attributes and designs detection models with high accuracy for adversarial samples on graphs.

Findings

Different attack methods have specific structural preferences.

Four key network attributes can explain attack patterns.

Proposed detection models outperform existing methods.

Abstract

With the rapid development of artificial intelligence, a number of machine learning algorithms, such as graph neural networks have been proposed to facilitate network analysis or graph data mining. Although effective, recent studies show that these advanced methods may suffer from adversarial attacks, i.e., they may lose effectiveness when only a small fraction of links are unexpectedly changed. This paper investigates three well-known adversarial attack methods, i.e., Nettack, Meta Attack, and GradArgmax. It is found that different attack methods have their specific attack preferences on changing the target network structures. Such attack pattern are further verified by experimental results on some real-world networks, revealing that generally the top four most important network attributes on detecting adversarial samples suffice to explain the preference of an attack method. Based on these findings, the network attributes are utilized to design machine learning models for adversarial sample detection and attack method recognition with outstanding performance.