Backdoor Graph Condensation

TL;DR

This paper introduces BGC, a backdoor attack method against graph condensation techniques for GNNs, demonstrating high success rates and resilience against defenses, highlighting security vulnerabilities in graph condensation.

Contribution

We propose BGC, a novel backdoor attack against graph condensation, revealing security risks and demonstrating its effectiveness and robustness against defenses.

Findings

BGC achieves near-perfect attack success rate.

BGC maintains high model utility.

BGC is resilient to multiple defense strategies.

Abstract

Graph condensation has recently emerged as a prevalent technique to improve the training efficiency for graph neural networks (GNNs). It condenses a large graph into a small one such that a GNN trained on this small synthetic graph can achieve comparable performance to a GNN trained on the large graph. However, while existing graph condensation studies mainly focus on the best trade-off between graph size and the GNNs' performance (model utility), they overlook the security issues of graph condensation. To bridge this gap, we first explore backdoor attack against the GNNs trained on the condensed graphs. We introduce an effective backdoor attack against graph condensation, termed BGC. This attack aims to (1) preserve the condensed graph quality despite trigger injection, and (2) ensure trigger efficacy through the condensation process, achieving a high attack success rate. Specifically, BGC consistently updates triggers during condensation and targets representative nodes for poisoning. Extensive experiments demonstrate the effectiveness of our attack. BGC achieves a high attack success rate (close to 1.0) and good model utility in all cases. Furthermore, the results against multiple defense methods demonstrate BGC's resilience under their defenses. Finally, we analyze the key hyperparameters that influence the attack performance. Our code is available at: https://github.com/JiahaoWuGit/BGC.