Summary of Trojan Prompt Attacks on Graph Neural Networks, by Minhua Lin et al.
Trojan Prompt Attacks on Graph Neural Networks
by Minhua Lin, Zhiwei Zhang, Enyan Dai, Zongyu Wu, Yilong Wang, Xiang Zhang, Suhang Wang
First submitted to arxiv on: 17 Oct 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Cryptography and Security (cs.CR)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary In this paper, researchers develop Graph Prompt Learning (GPL) as a method for adapting pre-trained Graph Neural Network (GNN) models to specific tasks without fine-tuning. While GPL shows promise, it is vulnerable to backdoor attacks that manipulate the model’s behavior by injecting hidden triggers. The proposed TGPA attack framework targets GPL specifically, injecting backdoors into graph prompts while keeping GNN encoders unchanged. To address the issue of downstream users fine-tuning their own task models, the authors introduce a finetuning-resistant poisoning approach that maintains the effectiveness of the backdoor even after adjustments. Experiments on multiple datasets demonstrate the effectiveness of TGPA in compromising GPL models with fixed GNN encoders. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary This paper is about making a type of artificial intelligence (AI) called Graph Prompt Learning more vulnerable to attacks. Right now, this AI is good at doing certain tasks without needing to be trained again, but it can be tricked into doing the wrong thing by sneaky attackers. The researchers in this paper came up with a way for these attackers to make the AI do what they want without changing any of its underlying settings. They tested their idea on several different datasets and showed that it works really well. |
Keywords
» Artificial intelligence » Fine tuning » Gnn » Graph neural network » Prompt
