LogicPoison: Logical Attacks on Graph Retrieval-Augmented Generation

TL;DR

This paper introduces LogicPoison, a novel attack that disrupts the logical structure of knowledge graphs used in GraphRAG systems, bypassing defenses and degrading performance without altering surface text.

Contribution

It reveals a new vulnerability in GraphRAG systems by targeting logical connections, and proposes LogicPoison to exploit this weakness through entity swapping.

Findings

LogicPoison effectively bypasses GraphRAG defenses.

It significantly degrades reasoning performance in benchmarks.

Outperforms existing attack methods in effectiveness and stealth.

Abstract

Graph-based Retrieval-Augmented Generation (GraphRAG) enhances the reasoning capabilities of Large Language Models (LLMs) by grounding their responses in structured knowledge graphs. Leveraging community detection and relation filtering techniques, GraphRAG systems demonstrate inherent resistance to traditional RAG attacks, such as text poisoning and prompt injection. However, in this paper, we find that the security of GraphRAG systems fundamentally relies on the topological integrity of the underlying graph, which can be undermined by implicitly corrupting the logical connections, without altering surface-level text semantics. To exploit this vulnerability, we propose \textsc{LogicPoison}, a novel attack framework that targets logical reasoning rather than injecting false contents. Specifically, \textsc{LogicPoison} employs a type-preserving entity swapping mechanism to perturb both global logic hubs for disrupting overall graph connectivity and query-specific reasoning bridges for severing essential multi-hop inference paths. This approach effectively reroutes valid reasoning into dead ends while maintaining surface-level textual plausibility. Comprehensive experiments across multiple benchmarks demonstrate that \textsc{LogicPoison} successfully bypasses GraphRAG's defenses, significantly degrading performance and outperforming state-of-the-art baselines in both effectiveness and stealth. Our code is available at \textcolor{blue}https://github.com/Jord8061/logicPoison.