A graph backdoor detection method for data collection scenarios

Abstract

Read online

Abstract Data collection is an effective way to build a better Graph Neural Network (GNN) model, but it also makes it easy for attackers to implant backdoors into the model through data poisoning. In this work, we propose a backdoor detection method of graph for data collection scenarios (CGBD). Different from most existing backdoor detection methods of Neural Network (NN) models, especially the Deep Neural Network (DNN) models, the difference in predictions of backdoor samples in clean and backdoor models is exploited for backdoor detection in CGBD. Specifically, in the backdoor model, the backdoor samples with modified labels are predicted as the target class. However, in the clean model, they are predicted as the ground-truth labels since the clean model remains unaffected by the backdoor. Due to the detection methodology of CGBD is not based on the potential forms of triggers, it can detect backdoor samples with any type of trigger. Additionally, since data is associated with its providers, CGBD can detect not only backdoor data but also malicious data providers. Extensive experiments on multiple benchmark datasets demonstrate that data with varying poisoning rates exhibit significant anomalies compared to clean data. This validates the effectiveness of our proposed method.

Keywords

• Machine learning
• Graph neural networks
• Network security
• Data collection
• Backdoor detection