Offensive And Defensive Research On Graph Neural Networks Based On Adversarial Machine Learning

With the rapid development of deep learning models,graph neural networks have been widely used in different fields such as social networks,finance and traffic road networks.However,the vulnerability when encountering adversarial attacks has raised great concerns.It has been shown that when a carefully constructed perturbed graph is fed into graph neural networks,the performance of model is severely compromised.In recent years,relevant offensive and defensive adversarial research has been carried out on graph neural networks.Node injection attack is easy to use in practical scenarios due to its ability to operate the original data without requiring access.However,most existing approaches use gradient loss to measure the attack effectiveness of the perturbation.Real attack scenarios cannot directly use gradient-based methods because of the lack of model information,which will lead to difficulties in getting perturbations.In addition,existing defensive methods ignore the protection of locally important nodes,which makes privacy nodes more vulnerable to directional targeting attack.Based on the summary of existing research work,this dissertation investigates node injection attacks on graph neural networks and attack node identification defense strategies for targeted adversarial attacks.The main work and contributions of this dissertation are as follows:(1)Aiming at the node injection attack problem in the grey-box scenario,a node injection attack method based on node importance and homogeneity is proposed.The method decomposes the problem of node injection attack in the gray-box scenario into two sub-problems: the construction of injected node features and the selection of injected node neighbors.For the two subproblems,a sampling method based on node features and a neighbor selection method combining the principles of node importance and node homogeneity is proposed to achieve the injection of attacking nodes,respectively.Experimental results such as comparison experiments and attack scale experiments show that the node injection attack based on node importance and homogeneity is effective and better than the comparison method.Meanwhile,the concealment experiments verify that the attack method proposed in this dissertation is not easily identified by the defensive strategy.(2)To address the problem of defending graph neural network models against directional target attacks,a method for defending against directional target attacks based on attack node identification is proposed.By pre-identifying the attack nodes and removing the connected edges between the attack nodes and the target nodes,the defensive method protects arbitrary target nodes against the harm from directional target attacks.To solve the problem of attack node identification,an attack node identification method based on node influence is proposed.By analyzing attack features,the method accomplishes the task of identifying attack nodes.Experimental results on the benchmark dataset show that the defensive method is effective and outperforms the comparison method in dealing with directional target attacks.