Adversarial Attacks on Graph Neural Networks via Node Injections: A Hierarchical Reinforcement Learning Approach

Graph Neural Networks (GNN) offer the powerful approach to node classification in complex networks across many domains including social media, E-commerce, and FinTech. However, recent studies show that GNNs are vulnerable to attacks aimed at adversely impacting their node classification performance. Existing studies of adversarial attacks on GNN focus primarily on manipulating the connectivity between existing nodes, a task that requires greater effort on the part of the attacker in real-world applications. In contrast, it is much more expedient on the part of the attacker to inject adversarial nodes, e.g., fake profiles with forged links, into existing graphs so as to reduce the performance of the GNN in classifying existing nodes. Hence, we consider a novel form of node injection poisoning attacks on graph data. We model the key steps of a node injection attack, e.g., establishing links between the injected adversarial nodes and other nodes, choosing the label of an injected node, etc. by a Markov Decision Process. We propose a novel reinforcement learning method for Node Injection Poisoning Attacks (NIPA), to sequentially modify the labels and links of the injected nodes, without changing the connectivity between existing nodes. Specifically, we introduce a hierarchical Q-learning network to manipulate the labels of the adversarial nodes and their links with other nodes in the graph, and design an appropriate reward function to guide the reinforcement learning agent to reduce the node classification performance of GNN. The results of the experiments show that NIPA is consistently more effective than the baseline node injection attack methods for poisoning graph data on three benchmark datasets.

© Sun None. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in '', https://dx.doi.org/10.1145/10.1145/3366423.3380149.

Files

Metadata

Work Title Adversarial Attacks on Graph Neural Networks via Node Injections: A Hierarchical Reinforcement Learning Approach
Access
Open Access
Creators
  1. Yiwei Sun
  2. Suhang Wang
  3. Xianfeng Tang
  4. Tsung-Yu Hsieh
  5. Vasant Honavar
License In Copyright (Rights Reserved)
Work Type Article
Publisher
  1. ACM
Publication Date April 19, 2020
Publisher Identifier (DOI)
  1. 10.1145/3366423.3380149
Source
  1. Proceedings of The Web Conference 2020
Deposited September 09, 2021

Versions

Analytics

Collections

This resource is currently not in any collection.

Work History

Version 1
published

  • Created

    September 09, 2021 18:37 by Research Informatics and Publishing

  • Added Adversarial_Attacks_on_Graph_Neural_Networks_via_Node_Injections__A_Hierarchical__Reinforcement_Learning_Approach-1.pdf

    September 09, 2021 18:37 by Research Informatics and Publishing

  • Added Creator Yiwei Sun

    September 09, 2021 18:37 by Research Informatics and Publishing

  • Added Creator Suhang Wang

    September 09, 2021 18:37 by Research Informatics and Publishing

  • Added Creator Xianfeng Tang

    September 09, 2021 18:37 by Research Informatics and Publishing

  • Added Creator Tsung-Yu Hsieh

    September 09, 2021 18:37 by Research Informatics and Publishing

  • Added Creator Vasant Honavar

    September 09, 2021 18:37 by Research Informatics and Publishing

  • Published

    September 09, 2021 18:37 by Research Informatics and Publishing

  • Updated

    February 28, 2022 22:44 by [unknown user]

  • Updated

    March 22, 2022 16:18 by [unknown user]