Gradient-Based Clean Label Backdoor Attack to Graph Neural Networks

Ryo Meguro; Hiroya Kato; Shintaro Narisada; Seira Hidano; Kazuhide Fukushima; Takuo Suganuma; Masahiro Hiji

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Gradient-Based Clean Label Backdoor Attack to Graph Neural Networks

Topics: AI and Machine Learning for Security; Data and Software Security; Security; Security Awareness and Education; Vulnerability Analysis and Countermeasures

In Proceedings of the 10th International Conference on Information Systems Security and Privacy ICISSP - Volume 1, 510-521, 2024 , Rome, Italy

Authors: Ryo Meguro ¹ ; Hiroya Kato ² ; Shintaro Narisada ² ; Seira Hidano ² ; Kazuhide Fukushima ² ; Takuo Suganuma ¹ and Masahiro Hiji ¹

Affiliations: ¹ Tohoku University, Miyagi, Japan ; ² KDDI Research, Inc., Saitama, Japan

Keyword(s): Graph Neural Networks, AI Security, Backdoor Attacks.

Abstract: Graph neural networks (GNNs) can obtain useful information from graph structured data. Although its great capability is promising, GNNs are vulnerable to backdoor attacks, which plant a marker called trigger in victims’ models to cause them to misclassify poisoned data with triggers into a target class. In particular, a clean label backdoor attack (CLBA) on the GNNs remains largely unexplored. Revealing characteristics of the CLBA is vital from the perspective of defense. In this paper, we propose the first gradient based CLBA on GNNs for graph classification tasks. Our attack consists of two important phases, the graph embedding based pairing and the gradient based trigger injection. Our pairing makes pairs from graphs of the target class and the others to successfully plant the backdoor in the target class area in the graph embedding space. Our trigger injection embeds triggers in graphs with gradient-based scores, yielding effective poisoned graphs. We conduct experiments on multi ple datasets and GNN models. Our results demonstrate that our attack outperforms the existing CLBA using fixed triggers. Our attack surpasses attack success rates of the existing CLBA by up to 50%. Furthermore, we show that our attack is difficult to detect with an existing defense. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 18.188.245.104

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Meguro, R., Kato, H., Narisada, S., Hidano, S., Fukushima, K., Suganuma, T. and Hiji, M. (2024). Gradient-Based Clean Label Backdoor Attack to Graph Neural Networks. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-683-5; ISSN 2184-4356, SciTePress, pages 510-521. DOI: 10.5220/0012369500003648

@conference{icissp24,
author={Ryo Meguro and Hiroya Kato and Shintaro Narisada and Seira Hidano and Kazuhide Fukushima and Takuo Suganuma and Masahiro Hiji},
title={Gradient-Based Clean Label Backdoor Attack to Graph Neural Networks},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP},
year={2024},
pages={510-521},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012369500003648},
isbn={978-989-758-683-5},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP
TI - Gradient-Based Clean Label Backdoor Attack to Graph Neural Networks
SN - 978-989-758-683-5
IS - 2184-4356
AU - Meguro, R.
AU - Kato, H.
AU - Narisada, S.
AU - Hidano, S.
AU - Fukushima, K.
AU - Suganuma, T.
AU - Hiji, M.
PY - 2024
SP - 510
EP - 521
DO - 10.5220/0012369500003648
PB - SciTePress