Dyn-Backdoor: Backdoor Attack on Dynamic Link Prediction

TL;DR

This paper introduces Dyn-Backdoor, a novel backdoor attack framework on dynamic link prediction models that uses GANs to generate concealed triggers, achieving over 90% success rate and highlighting the need for defenses.

Contribution

It presents the first backdoor attack method on DLP models using GAN-generated triggers, demonstrating high attack success and raising awareness of vulnerabilities.

Findings

Dyn-Backdoor achieves over 90% attack success rate.

GAN-generated triggers are effective and concealed.

The attack demonstrates the need for defense mechanisms.

Abstract

Dynamic link prediction (DLP) makes graph prediction based on historical information. Since most DLP methods are highly dependent on the training data to achieve satisfying prediction performance, the quality of the training data is crucial. Backdoor attacks induce the DLP methods to make wrong prediction by the malicious training data, i.e., generating a subgraph sequence as the trigger and embedding it to the training data. However, the vulnerability of DLP toward backdoor attacks has not been studied yet. To address the issue, we propose a novel backdoor attack framework on DLP, denoted as Dyn-Backdoor. Specifically, Dyn-Backdoor generates diverse initial-triggers by a generative adversarial network (GAN). Then partial links of the initial-triggers are selected to form a trigger set, according to the gradient information of the attack discriminator in the GAN, so as to reduce the size of triggers and improve the concealment of the attack. Experimental results show that Dyn-Backdoor launches successful backdoor attacks on the state-of-the-art DLP models with success rate more than 90%. Additionally, we conduct a possible defense against Dyn-Backdoor to testify its resistance in defensive settings, highlighting the needs of defenses for backdoor attacks on DLP.