Computer Science ›› 2024, Vol. 51 ›› Issue (1): 355-362. doi: 10.11896/jsjkx.230600127

• Information Security •

Black-box Graph Adversarial Attacks Based on Topology and Feature Fusion

GUO Yuxing¹, YAO Kaixuan¹, WANG Zhiqiang¹, WEN Liangliang¹, LIANG Jiye¹,²

  1. School of Computer and Information Technology, Shanxi University, Taiyuan 030006, China
  2. Key Laboratory of Computational Intelligence and Chinese Information Processing (Shanxi University), Taiyuan 030006, China
  • Received: 2023-06-15  Revised: 2023-09-21  Online: 2024-01-15  Published: 2024-01-12
  • About author: GUO Yuxing, born in 1998, postgraduate. His main research interests include machine learning and data mining.
    LIANG Jiye, born in 1962, Ph.D, professor, Ph.D supervisor, is a member of CCF (No.06906F). His main research interests include artificial intelligence and machine learning.
  • Supported by: National Natural Science Foundation of China (62272285, U21A20473).

Abstract: In the era of big data, close relationships between data are widespread, and graph data analysis and mining have become an important development trend of big data technology. In recent years, graph neural networks (GNNs), a novel type of graph representation learning tool, have attracted extensive attention from academia and industry, and they have achieved great success in various real-world applications. Many researchers now regard the security and confidence level of artificial intelligence as a vital issue, and much current work focuses on deep learning adversarial attacks on Euclidean-structured data such as images. This paper focuses on the black-box adversarial attack problem for graph data, a typical non-Euclidean structure: when the information about the graph neural network model (structure and parameters) is unknown, imperceptible non-random perturbations are applied to the graph data to realize an adversarial attack on the model, so that the performance of the model decreases. Applying an imperceptible non-random perturbation to the graph structure or node attributes can easily fool GNNs. Black-box adversarial attacks based on node selection are an important class of methods, but existing methods of this kind take into account only the topology information of nodes and do not fully consider node feature information. This paper therefore proposes a black-box adversarial attack on graph neural networks via topology and feature fusion, on citation networks. When selecting important nodes, the method fuses the feature information and topology information of graph nodes, so that the selected nodes are significant to the graph data in both features and topology. The attacker applies small perturbations to the attributes of the nodes selected by this method, and this attack has a great impact on the model. Experiments on three classic datasets show that the proposed attack strategy can remarkably reduce the performance of the model without access to model parameters and is better than the baseline methods.

Key words: Graph neural networks, Black-box adversarial attack, Information entropy, Node importance, Citation network

CLC Number: TP391