Cost Aware Untargeted Poisoning Attack against Graph Neural Networks

Yuwei Han; Yuni Lai; Yulin Zhu; Kai Zhou

doi:10.1109/ICASSP48485.2024.10446170

Cost Aware Untargeted Poisoning Attack against Graph Neural Networks

Yuwei Han, Yuni Lai, Yulin Zhu, Kai Zhou

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

Abstract

Graph Neural Networks (GNNs) have become widely used in the field of graph mining. However, these networks are vulnerable to structural perturbations. While many research efforts have focused on analyzing vulnerability through poisoning attacks, we have identified an inefficiency in current attack losses. These losses steer the attack strategy towards modifying edges targeting misclassified nodes or resilient nodes, resulting in a waste of structural adversarial perturbation. To address this issue, we propose a novel attack loss framework called the Cost Aware Poisoning Attack (CA-attack) to improve the allocation of the attack budget by dynamically considering the classification margins of nodes. Specifically, it prioritizes nodes with smaller positive margins while postponing nodes with negative margins. Our experiments demonstrate that the proposed CA-attack significantly enhances existing attack strategies.

Original language	English
Title of host publication	2024 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2024 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	4940-4944
Number of pages	5
ISBN (Electronic)	9798350344851
DOIs	https://doi.org/10.1109/ICASSP48485.2024.10446170
Publication status	Published - Apr 2024
Event	49th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2024 - Seoul, Korea, Republic of Duration: 14 Apr 2024 → 19 Apr 2024

Publication series

Name	ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings
ISSN (Print)	1520-6149

Conference

Conference	49th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2024
Country/Territory	Korea, Republic of
City	Seoul
Period	14/04/24 → 19/04/24

Keywords

graph neural networks
node classification
Poisoning attack

ASJC Scopus subject areas

Software
Signal Processing
Electrical and Electronic Engineering

More information

10.1109/ICASSP48485.2024.10446170

Cite this

Han, Y., Lai, Y., Zhu, Y., & Zhou, K. (2024). Cost Aware Untargeted Poisoning Attack against Graph Neural Networks. In 2024 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2024 - Proceedings (pp. 4940-4944). (ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICASSP48485.2024.10446170

Han, Yuwei ; Lai, Yuni ; Zhu, Yulin et al. / Cost Aware Untargeted Poisoning Attack against Graph Neural Networks. 2024 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2024 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2024. pp. 4940-4944 (ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings).

@inproceedings{5e8a8f13990549369b909c806d2312a2,

title = "Cost Aware Untargeted Poisoning Attack against Graph Neural Networks",

abstract = "Graph Neural Networks (GNNs) have become widely used in the field of graph mining. However, these networks are vulnerable to structural perturbations. While many research efforts have focused on analyzing vulnerability through poisoning attacks, we have identified an inefficiency in current attack losses. These losses steer the attack strategy towards modifying edges targeting misclassified nodes or resilient nodes, resulting in a waste of structural adversarial perturbation. To address this issue, we propose a novel attack loss framework called the Cost Aware Poisoning Attack (CA-attack) to improve the allocation of the attack budget by dynamically considering the classification margins of nodes. Specifically, it prioritizes nodes with smaller positive margins while postponing nodes with negative margins. Our experiments demonstrate that the proposed CA-attack significantly enhances existing attack strategies.",

keywords = "graph neural networks, node classification, Poisoning attack",

author = "Yuwei Han and Yuni Lai and Yulin Zhu and Kai Zhou",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 49th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2024 ; Conference date: 14-04-2024 Through 19-04-2024",

year = "2024",

month = apr,

doi = "10.1109/ICASSP48485.2024.10446170",

language = "English",

series = "ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "4940--4944",

booktitle = "2024 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2024 - Proceedings",

}

Han, Y, Lai, Y, Zhu, Y & Zhou, K 2024, Cost Aware Untargeted Poisoning Attack against Graph Neural Networks. in 2024 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2024 - Proceedings. ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings, Institute of Electrical and Electronics Engineers Inc., pp. 4940-4944, 49th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2024, Seoul, Korea, Republic of, 14/04/24. https://doi.org/10.1109/ICASSP48485.2024.10446170

Cost Aware Untargeted Poisoning Attack against Graph Neural Networks. / Han, Yuwei; Lai, Yuni; Zhu, Yulin et al.
2024 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2024 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2024. p. 4940-4944 (ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings).

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

TY - GEN

T1 - Cost Aware Untargeted Poisoning Attack against Graph Neural Networks

AU - Han, Yuwei

AU - Lai, Yuni

AU - Zhu, Yulin

AU - Zhou, Kai

PY - 2024/4

Y1 - 2024/4

N2 - Graph Neural Networks (GNNs) have become widely used in the field of graph mining. However, these networks are vulnerable to structural perturbations. While many research efforts have focused on analyzing vulnerability through poisoning attacks, we have identified an inefficiency in current attack losses. These losses steer the attack strategy towards modifying edges targeting misclassified nodes or resilient nodes, resulting in a waste of structural adversarial perturbation. To address this issue, we propose a novel attack loss framework called the Cost Aware Poisoning Attack (CA-attack) to improve the allocation of the attack budget by dynamically considering the classification margins of nodes. Specifically, it prioritizes nodes with smaller positive margins while postponing nodes with negative margins. Our experiments demonstrate that the proposed CA-attack significantly enhances existing attack strategies.

AB - Graph Neural Networks (GNNs) have become widely used in the field of graph mining. However, these networks are vulnerable to structural perturbations. While many research efforts have focused on analyzing vulnerability through poisoning attacks, we have identified an inefficiency in current attack losses. These losses steer the attack strategy towards modifying edges targeting misclassified nodes or resilient nodes, resulting in a waste of structural adversarial perturbation. To address this issue, we propose a novel attack loss framework called the Cost Aware Poisoning Attack (CA-attack) to improve the allocation of the attack budget by dynamically considering the classification margins of nodes. Specifically, it prioritizes nodes with smaller positive margins while postponing nodes with negative margins. Our experiments demonstrate that the proposed CA-attack significantly enhances existing attack strategies.

KW - graph neural networks

KW - node classification

KW - Poisoning attack

UR - http://www.scopus.com/inward/record.url?scp=85195426703&partnerID=8YFLogxK

U2 - 10.1109/ICASSP48485.2024.10446170

DO - 10.1109/ICASSP48485.2024.10446170

M3 - Conference article published in proceeding or book

AN - SCOPUS:85195426703

T3 - ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings

SP - 4940

EP - 4944

BT - 2024 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2024 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 49th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2024

Y2 - 14 April 2024 through 19 April 2024

ER -

Han Y, Lai Y, Zhu Y, Zhou K. Cost Aware Untargeted Poisoning Attack against Graph Neural Networks. In 2024 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2024 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2024. p. 4940-4944. (ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings). doi: 10.1109/ICASSP48485.2024.10446170

Cost Aware Untargeted Poisoning Attack against Graph Neural Networks

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this