Summary of Rethinking Graph Backdoor Attacks: a Distribution-preserving Perspective, by Zhiwei Zhang and Minhua Lin and Enyan Dai and Suhang Wang
Rethinking Graph Backdoor Attacks: A Distribution-Preserving Perspective
by Zhiwei Zhang, Minhua Lin, Enyan Dai, Suhang Wang
First submitted to arxiv on: 17 May 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Cryptography and Security (cs.CR)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary This paper explores the vulnerability of Graph Neural Networks (GNNs) to backdoor attacks, where attackers inject out-of-distribution (OOD) triggers into training graphs. Existing methods for generating OOD triggers are shown to be ineffective in real-world applications due to their detectability by outlier detection methods. The authors propose a novel approach to generate unnoticeable graph backdoor attacks using in-distribution (ID) triggers. This is achieved by combining an OOD detector with an adversarial learning strategy to produce ID trigger attributes within the data distribution. Novel modules are designed to enhance trigger memorization by the victim model, allowing for high attack success rates while bypassing various defense strategies. Experimental results on real-world datasets demonstrate the effectiveness of this approach. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary This paper is about making Graph Neural Networks (GNNs) more vulnerable to attacks. Right now, attackers can easily make GNNs predict wrong things by adding special “triggers” to the data. But the problem is that these triggers are easy to detect and remove. The authors want to make it harder for defenders to stop these attacks. They’re doing this by making the triggers look like normal data. This means that when the attacker adds their trigger to the data, it won’t stand out as something unusual. The authors have developed new ways to create these special triggers and test them on real-world datasets. |
Keywords
» Artificial intelligence » Outlier detection
