loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Authors: Ryo Meguro 1 ; Hiroya Kato 2 ; Shintaro Narisada 2 ; Seira Hidano 2 ; Kazuhide Fukushima 2 ; Takuo Suganuma 1 and Masahiro Hiji 1

Affiliations: 1 Tohoku University, Miyagi, Japan ; 2 KDDI Research, Inc., Saitama, Japan

Keyword(s): Graph Neural Networks, AI Security, Backdoor Attacks.

Abstract: Graph neural networks (GNNs) can obtain useful information from graph structured data. Although its great capability is promising, GNNs are vulnerable to backdoor attacks, which plant a marker called trigger in victims’ models to cause them to misclassify poisoned data with triggers into a target class. In particular, a clean label backdoor attack (CLBA) on the GNNs remains largely unexplored. Revealing characteristics of the CLBA is vital from the perspective of defense. In this paper, we propose the first gradient based CLBA on GNNs for graph classification tasks. Our attack consists of two important phases, the graph embedding based pairing and the gradient based trigger injection. Our pairing makes pairs from graphs of the target class and the others to successfully plant the backdoor in the target class area in the graph embedding space. Our trigger injection embeds triggers in graphs with gradient-based scores, yielding effective poisoned graphs. We conduct experiments on multi ple datasets and GNN models. Our results demonstrate that our attack outperforms the existing CLBA using fixed triggers. Our attack surpasses attack success rates of the existing CLBA by up to 50%. Furthermore, we show that our attack is difficult to detect with an existing defense. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.221.154.151

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Meguro, R.; Kato, H.; Narisada, S.; Hidano, S.; Fukushima, K.; Suganuma, T. and Hiji, M. (2024). Gradient-Based Clean Label Backdoor Attack to Graph Neural Networks. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-683-5; ISSN 2184-4356, SciTePress, pages 510-521. DOI: 10.5220/0012369500003648

@conference{icissp24,
author={Ryo Meguro. and Hiroya Kato. and Shintaro Narisada. and Seira Hidano. and Kazuhide Fukushima. and Takuo Suganuma. and Masahiro Hiji.},
title={Gradient-Based Clean Label Backdoor Attack to Graph Neural Networks},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP},
year={2024},
pages={510-521},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012369500003648},
isbn={978-989-758-683-5},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP
TI - Gradient-Based Clean Label Backdoor Attack to Graph Neural Networks
SN - 978-989-758-683-5
IS - 2184-4356
AU - Meguro, R.
AU - Kato, H.
AU - Narisada, S.
AU - Hidano, S.
AU - Fukushima, K.
AU - Suganuma, T.
AU - Hiji, M.
PY - 2024
SP - 510
EP - 521
DO - 10.5220/0012369500003648
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic