Simple and Efficient Partial Graph Adversarial Attack: A New Perspective

by   Guanghui Zhu, et al.
Nanjing University

As the study of graph neural networks becomes more intensive and comprehensive, their robustness and security have received great research interest. The existing global attack methods treat all nodes in the graph as their attack targets. Although existing methods have achieved excellent results, there is still considerable space for improvement. The key problem is that the current approaches rigidly follow the definition of global attacks. They ignore an important issue, i.e., different nodes have different robustness and are not equally resilient to attacks. From a global attacker's view, we should arrange the attack budget wisely, rather than wasting them on highly robust nodes. To this end, we propose a totally new method named partial graph attack (PGA), which selects the vulnerable nodes as attack targets. First, to select the vulnerable items, we propose a hierarchical target selection policy, which allows attackers to only focus on easy-to-attack nodes. Then, we propose a cost-effective anchor-picking policy to pick the most promising anchors for adding or removing edges, and a more aggressive iterative greedy-based attack method to perform more efficient attacks. Extensive experimental results demonstrate that PGA can achieve significant improvements in both attack effect and attack efficiency compared to other existing graph global attack methods.


page 1

page 4

page 5

page 6

page 14


Unnoticeable Backdoor Attacks on Graph Neural Networks

Graph Neural Networks (GNNs) have achieved promising results in various ...

Planning Spatial Networks

We tackle the problem of goal-directed graph construction: given a start...

Adversarial Attack on Large Scale Graph

Recent studies have shown that graph neural networks are vulnerable agai...

Scalable Attack on Graph Data by Injecting Vicious Nodes

Recent studies have shown that graph convolution networks (GCNs) are vul...

A Proxy-Free Strategy for Practically Improving the Poisoning Efficiency in Backdoor Attacks

Poisoning efficiency is a crucial factor in poisoning-based backdoor att...

COREATTACK: Breaking Up the Core Structure of Graphs

The concept of k-core in complex networks plays a key role in many appli...

How Fraudster Detection Contributes to Robust Recommendation

The adversarial robustness of recommendation systems under node injectio...

Please sign up or login with your details

Forgot password? Click here to reset