Adversarial Attack Framework on Graph Embedding Models with Limited Knowledge

05/26/2021
by   Heng Chang, et al.
0

With the success of the graph embedding model in both academic and industry areas, the robustness of graph embedding against adversarial attack inevitably becomes a crucial problem in graph learning. Existing works usually perform the attack in a white-box fashion: they need to access the predictions/labels to construct their adversarial loss. However, the inaccessibility of predictions/labels makes the white-box attack impractical to a real graph learning system. This paper promotes current frameworks in a more general and flexible sense – we demand to attack various kinds of graph embedding models with black-box driven. We investigate the theoretical connections between graph signal processing and graph embedding models and formulate the graph embedding model as a general graph signal process with a corresponding graph filter. Therefore, we design a generalized adversarial attacker: GF-Attack. Without accessing any labels and model predictions, GF-Attack can perform the attack directly on the graph filter in a black-box fashion. We further prove that GF-Attack can perform an effective attack without knowing the number of layers of graph embedding models. To validate the generalization of GF-Attack, we construct the attacker on four popular graph embedding models. Extensive experiments validate the effectiveness of GF-Attack on several benchmark datasets.

READ FULL TEXT
research
08/04/2019

A Restricted Black-box Adversarial Framework Towards Attacking Graph Embedding Models

With the great success of graph embedding model on both academic and ind...
research
08/04/2019

The General Black-box Attack Method for Graph Neural Networks

With the great success of Graph Neural Networks (GNNs) towards represent...
research
12/12/2020

Query-free Black-box Adversarial Attacks on Graphs

Many graph-based machine learning models are known to be vulnerable to a...
research
03/30/2022

Investigating Top-k White-Box and Transferable Black-box Attack

Existing works have identified the limitation of top-1 attack success ra...
research
10/16/2020

Embedding and Synthesis of Knowledge in Tree Ensemble Classifiers

This paper studies the embedding and synthesis of knowledge in tree ense...
research
03/09/2021

Practical Relative Order Attack in Deep Ranking

Recent studies unveil the vulnerabilities of deep ranking models, where ...
research
09/09/2021

Multi-granularity Textual Adversarial Attack with Behavior Cloning

Recently, the textual adversarial attack models become increasingly popu...

Please sign up or login with your details

Forgot password? Click here to reset