Attacks on Node Attributes in Graph Neural Networks
This work addresses security concerns for graph-based models in social media and literacy applications, though it is incremental as it focuses specifically on node attributes compared to existing methods.
The paper investigates the vulnerability of graph neural networks to adversarial attacks on node attributes, finding that decision time attacks using Projected Gradient Descent are more potent than poisoning attacks on datasets like Hellaswag, Cora, and CiteSeer.
Graphs are commonly used to model complex networks prevalent in modern social media and literacy applications. Our research investigates the vulnerability of these graphs through the application of feature based adversarial attacks, focusing on both decision time attacks and poisoning attacks. In contrast to state of the art models like Net Attack and Meta Attack, which target node attributes and graph structure, our study specifically targets node attributes. For our analysis, we utilized the text dataset Hellaswag and graph datasets Cora and CiteSeer, providing a diverse basis for evaluation. Our findings indicate that decision time attacks using Projected Gradient Descent (PGD) are more potent compared to poisoning attacks that employ Mean Node Embeddings and Graph Contrastive Learning strategies. This provides insights for graph data security, pinpointing where graph-based models are most vulnerable and thereby informing the development of stronger defense mechanisms against such attacks.