James Jianqiao Yu
余剑峤
Home Publications Services 中文

Professor

School of Computer Science and Technology

Harbin Institute of Technology (Shenzhen)

University Town of Shenzhen, Nanshan District, Shenzhen, Guangdong, China

jqyu(at)hit.edu.cn jqyu(at)ieee.org Google Scholar
SAM: Query-Efficient Adversarial Attacks Against Graph Neural Networks

Authors
Chenhan Zhang, Shiyao Zhang, James J.Q. Yu, and Shui Yu

Publication
ACM Transactions on Privacy and Security, Volume 26, Issue 4, November 2023, Article 49

Abstract
Recent studies indicate that Graph Neural Networks (GNNs) are vulnerable to adversarial attacks. Particularly, adversarially perturbing the graph structure, e.g., flipping edges, can lead to salient degeneration of GNNs' accuracy. In general, efficiency and stealthiness are two significant metrics to evaluate an attack method in practical use. However, most prevailing graph structure-based attack methods are query-intensive, which impacts their practical use. Furthermore, while the stealthiness of perturbations has been discussed in previous studies, the majority of them focus on the attack scenario targeting a single node. To fill the research gap, we present a global attack method against GNNs, Saturation adversarial Attack with Meta-gradient (SAM), in this paper. We first propose an enhanced meta-learning-based optimization method to obtain useful gradient information concerning graph structural perturbations. Then, leveraging the notion of saturation attack, we devise an effective algorithm to determine the perturbations based on the derived meta-gradients. Meanwhile, to ensure stealthiness, we introduce a similarity constraint to suppress the number of perturbed edges. Thorough experiments demonstrate that our method can effectively depreciate the accuracy of GNNs with a small number of queries. While achieving a higher misclassification rate, we also show that the perturbations developed by our method are not noticeable.