Current browse context:
cs.SI
Change to browse by:
References & Citations
Computer Science > Machine Learning
Title: Adversarial Attack Framework on Graph Embedding Models with Limited Knowledge
(Submitted on 26 May 2021 (v1), last revised 1 Mar 2022 (this version, v2))
Abstract: With the success of the graph embedding model in both academic and industry areas, the robustness of graph embedding against adversarial attack inevitably becomes a crucial problem in graph learning. Existing works usually perform the attack in a white-box fashion: they need to access the predictions/labels to construct their adversarial loss. However, the inaccessibility of predictions/labels makes the white-box attack impractical to a real graph learning system. This paper promotes current frameworks in a more general and flexible sense -- we demand to attack various kinds of graph embedding models with black-box driven. We investigate the theoretical connections between graph signal processing and graph embedding models and formulate the graph embedding model as a general graph signal process with a corresponding graph filter. Therefore, we design a generalized adversarial attacker: GF-Attack. Without accessing any labels and model predictions, GF-Attack can perform the attack directly on the graph filter in a black-box fashion. We further prove that GF-Attack can perform an effective attack without knowing the number of layers of graph embedding models. To validate the generalization of GF-Attack, we construct the attacker on four popular graph embedding models. Extensive experiments validate the effectiveness of GF-Attack on several benchmark datasets.
Submission history
From: Heng Chang [view email][v1] Wed, 26 May 2021 09:18:58 GMT (265kb,D)
[v2] Tue, 1 Mar 2022 02:40:12 GMT (259kb,D)
Link back to: arXiv, form interface, contact.