HeteroBA: A Structure-Manipulating Backdoor Attack on Heterogeneous Graphs

TL;DR

This paper introduces HeteroBA, a backdoor attack method on heterogeneous graph neural networks that manipulates graph structure and features to cause targeted misclassification without degrading overall performance.

Contribution

The paper presents a novel backdoor attack framework specifically designed for HGNNs, utilizing structural and feature manipulation to achieve high attack success rates.

Findings

HeteroBA achieves high attack success rates on multiple datasets.

The attack minimally affects the model's performance on clean data.

HeteroBA reveals vulnerabilities in HGNNs to backdoor threats.

Abstract

Heterogeneous graph neural networks (HGNNs) have recently drawn increasing attention for modeling complex multi-relational data in domains such as recommendation, finance, and social networks. While existing research has been largely focused on enhancing HGNNs' predictive performance, their robustness and security, especially under backdoor attacks, remain underexplored. In this paper, we propose a novel Heterogeneous Backdoor Attack (HeteroBA) framework for node classification tasks on heterogeneous graphs. HeteroBA inserts carefully crafted trigger nodes with realistic features and targeted structural connections, leveraging attention-based and clustering-based strategies to select influential auxiliary nodes for effective trigger propagation, thereby causing the model to misclassify specific nodes into a target label while maintaining accuracy on clean data. Experimental results on three datasets and various HGNN architectures demonstrate that HeteroBA achieves high attack success rates with minimal impact on the clean accuracy. Our method sheds light on potential vulnerabilities in HGNNs and calls for more robust defenses against backdoor threats in multi-relational graph scenarios.