Advances of Adversarial Attacks and Robustness Evaluation for Graph Neural Networks

doi:10.3778/j.issn.1673-9418.2311117

Abstract

Abstract: In recent years, Graph Neural Networks (GNNs) have gradually become an important research direction in artificial intelligence. However, the adversarial vulnerability of GNNs poses severe challenges to their practical applications. To gain a comprehensive understanding of adversarial attacks and robustness evaluation on GNNs, related state-of-the-art advancements are reviewed and discussed. Firstly, we introduce the research background of adversarial attacks on GNNs, provide a formal definition of these attacks, and elucidate the basic concepts and framework for research on adversarial attacks and robustness evaluation in GNNs. Following this, we give an overview of the specific methods proposed in the field of adversarial attacks on GNNs, and detail the foremost methods while categorizing them based on the type of adversarial attack and range of attack targets. Their operating mechanisms, principles, and pros and cons are also analyzed. Additionally, considering the model robustness evaluation's dependency on adversarial attack methods and adversarial perturbation degree, we focus on direct evaluation indicators. To aid in designing and evaluating adversarial attack methods and GNNs' robust models, we compare representative methods considering implementation ease, accuracy, and execution time. We foresee ongoing challenges and future research areas. Current research on GNNs' adversarial robustness is experiment-oriented, lacking a guiding theoretical framework, necessitating further systematic theoretical research to ensure GNN-based systems' trustworthiness.

Key words: graph neural network, adversarial vulnerability, adversarial attacks, robustness evaluation

摘要： 近年来，图神经网络（GNNs）逐渐成为人工智能的重要研究方向。然而，GNNs的对抗脆弱性使其实际应用面临严峻挑战。为了全面认识GNNs对抗攻击与鲁棒性评测的研究工作，对相关前沿进展进行梳理和分析讨论。首先，介绍GNNs对抗攻击的研究背景，给出GNNs对抗攻击的形式化定义，阐述GNNs对抗攻击及鲁棒性评测的研究框架和基本概念。然后，对GNNs对抗攻击领域所提具体方法进行了总结和梳理，并对其中的前沿方法从对抗攻击类型和攻击目标范围的角度进行详细分类阐述，分析了它们的工作机制、原理和优缺点。其次，考虑到基于对抗攻击的模型鲁棒性评测依赖于对抗攻击方法的选择和对抗扰动程度，只能实现间接、局部的评价，难以全面反映模型鲁棒性的本质特征，从而着重对模型鲁棒性的直接评测指标进行了梳理和分析。在此基础上，为了支撑GNNs对抗攻击方法和鲁棒性模型的设计与评价，通过实验从易实现程度、准确性、执行时间等方面对代表性的GNNs对抗攻击方法进行了对比分析。最后，对存在的挑战和未来研究方向进行展望。总体而言，目前GNNs对抗鲁棒性研究以反复实验为主、缺乏具有指导性的理论框架。如何保障基于GNNs的深度智能系统的可信性，仍需进一步系统性的基础理论研究。

关键词: 图神经网络, 对抗脆弱性, 对抗攻击, 鲁棒性评测

WU Tao, CAO Xinwen, XIAN Xingping, YUAN Lin, ZHANG Shu, CUI Canyixing, TIAN Kan. Advances of Adversarial Attacks and Robustness Evaluation for Graph Neural Networks[J]. Journal of Frontiers of Computer Science and Technology, DOI: 10.3778/j.issn.1673-9418.2311117.

吴涛, 曹新汶, 先兴平, 袁霖, 张殊, 崔灿一星, 田侃. 图神经网络对抗攻击与鲁棒性评测前沿进展[J]. 计算机科学与探索, DOI: 10.3778/j.issn.1673-9418.2311117.

[1]	WU Wenzheng, LU Xianling. Session Recommendation Algorithm Combining Item Transition Relations and Time-Order Information [J]. Journal of Frontiers of Computer Science and Technology, 2024, 18(3): 768-779.
[2]	JU Chengcheng, ZHU Yi. Knowledge Concept Recommendation Model for MOOCs with Local Subgraph Embedding [J]. Journal of Frontiers of Computer Science and Technology, 2024, 18(1): 189-204.
[3]	GU Junhua, LI Ningning, WANG Xinxin, ZHANG Suqi. Integrating Behavioral Dependencies into Multi-task Learning for Personalized Recommendations [J]. Journal of Frontiers of Computer Science and Technology, 2024, 18(1): 231-243.
[4]	CHEN Na, HUANG Jincheng, LI Ping. Graph Neural Network Defense Combined with Contrastive Learning [J]. Journal of Frontiers of Computer Science and Technology, 2023, 17(8): 1949-1960.
[5]	YAN Zhaoyao, DING Cangfeng, MA Lerong, CAO Lu, YOU Hao. Advances in Knowledge Graph Embedding Based on Graph Neural Networks [J]. Journal of Frontiers of Computer Science and Technology, 2023, 17(8): 1793-1813.
[6]	WU Jinchen, YANG Xingyao, YU Jiong, LI Ziyang, HUANG Shanhang, SUN Xinjie. Sequence Recommendation with Dual Channel Heterogeneous Graph Neural Network [J]. Journal of Frontiers of Computer Science and Technology, 2023, 17(6): 1473-1486.
[7]	HAN Hu, HAO Jun, ZHANG Qiankun, MENG Tiantian. Knowledge-Enhanced Interactive Attention Model for Aspect-Based Sentiment Analysis [J]. Journal of Frontiers of Computer Science and Technology, 2023, 17(3): 709-718.
[8]	MA Li, YAO Weifan. Link Prediction Method Combining Relational Path and Directed Subgraph Reasoning [J]. Journal of Frontiers of Computer Science and Technology, 2023, 17(2): 478-488.
[9]	XU Xinran, WANG Tengyu, LU Cai. Research Progress of Graph Neural Network in Knowledge Graph Construction and Application [J]. Journal of Frontiers of Computer Science and Technology, 2023, 17(10): 2278-2299.
[10]	PENG Huang, ZENG Weixin, ZHOU Jie, TANG Jiuyang, ZHAO Xiang. Contrast Research of Representation Learning in Entity Alignment Based on Graph Neural Network [J]. Journal of Frontiers of Computer Science and Technology, 2023, 17(10): 2343-2357.
[11]	SUN Shuifa, LI Xiaolong, LI Weisheng, LEI Dajiang, LI Sihui, YANG Liu, WU Yirong. Review of Graph Neural Networks Applied to Knowledge Graph Reasoning [J]. Journal of Frontiers of Computer Science and Technology, 2023, 17(1): 27-52.
[12]	MA Fuyuan, WANG Ying, LI Lina, WANG Hongji. Structure and Feature Fusion Graph Hierarchical Pooling Model [J]. Journal of Frontiers of Computer Science and Technology, 2023, 17(1): 179-186.
[13]	YU Huilin, CHEN Wei, WANG Qi, GAO Jianwei, WAN Huaiyu. Knowledge Graph Link Prediction Based on Subgraph Reasoning [J]. Journal of Frontiers of Computer Science and Technology, 2022, 16(8): 1800-1808.
[14]	ZHANG Yancao, ZHAO Yuhai, SHI Lan. Multi-feature Based Link Prediction Algorithm Fusing Graph Attention [J]. Journal of Frontiers of Computer Science and Technology, 2022, 16(5): 1096-1106.
[15]	WU Jing, XIE Hui, JIANG Huowen. Survey of Graph Neural Network in Recommendation System [J]. Journal of Frontiers of Computer Science and Technology, 2022, 16(10): 2249-2263.

Advances of Adversarial Attacks and Robustness Evaluation for Graph Neural Networks

图神经网络对抗攻击与鲁棒性评测前沿进展

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics