Abstract
Backdoor attacks represent a serious threat to neural network models. A backdoored model will misclassify the trigger-embedded inputs into an attacker-chosen target label while performing normally on other benign inputs. There are already numerous works on backdoor attacks on neural networks, but only a few works consider graph neural networks (GNNs). As such, there is no intensive research on explaining the impact of trigger injecting position on the performance of backdoor attacks on GNNs. To bridge this gap, we conduct an experimental investigation on the performance of backdoor attacks on GNNs. We apply two powerful GNN explainability approaches to select the optimal trigger injecting position to achieve two attacker objectives - high attack success rate and low clean accuracy drop. Our empirical results on benchmark datasets and state-of-the-art neural network models demonstrate the proposed method's effectiveness in selecting trigger injecting position for backdoor attacks on GNNs. For instance, on the node classification task, the backdoor attack with trigger injecting position selected by GraphLIME reaches over 84% attack success rate with less than 2.5% accuracy drop.
Original language | English |
---|---|
Title of host publication | WiseML 2021 |
Subtitle of host publication | Proceedings of the 3rd ACM Workshop on Wireless Security and Machine Learning |
Place of Publication | New York |
Publisher | Association for Computing Machinery (ACM) |
Pages | 31-36 |
Number of pages | 6 |
ISBN (Electronic) | 978-1-4503-8561-9 |
DOIs | |
Publication status | Published - 2021 |
Event | 3rd ACM Workshop on Wireless Security and Machine Learning, WiseML 2021 - Virtual, Online, United Arab Emirates Duration: 2 Jul 2021 → 2 Jul 2021 |
Conference
Conference | 3rd ACM Workshop on Wireless Security and Machine Learning, WiseML 2021 |
---|---|
Country/Territory | United Arab Emirates |
City | Virtual, Online |
Period | 2/07/21 → 2/07/21 |
Keywords
- backdoor attacks
- explainability
- graph neural networks