IEEE Access (Jan 2025)
Targeted Discrepancy Attacks: Crafting Selective Adversarial Examples in Graph Neural Networks
Abstract
In this study, we present a novel approach to adversarial attacks for graph neural networks (GNNs), specifically addressing the unique challenges posed by graphical data. Unlike traditional adversarial attacks, which aim to perturb the input data to induce misclassifications in the target model, our approach strategically crafts adversarial examples to exploit discrepancies in model behavior. We introduce the concept of selective adversarial examples, which are instances that are correctly classified by a “friendly” model but misclassified by an “adversary” model. To achieve this, we propose a novel loss function formulation that simultaneously maximizes the probability of correct classification using a friendly model and minimizes the probability of correct classification using an adversary model. This approach facilitates the generation of adversarial examples that are both subtle and effective, necessitating minimal perturbations in the input graph. We systematically explain the principles and structure of our method and evaluate its performance through experiments conducted on a GNN using the Reddit, ogbn-product, and Citeseer datasets. Our results demonstrate the effectiveness of the proposed approach in generating selective adversarial examples, highlighting its potential applications in military environments, where the ability to selectively target adversary models is crucial. In addition, we provide visualizations of graph adversarial examples to aid in understanding the nature of the attacks. Overall, our contributions are threefold: First, we pioneer the concept of selective adversarial examples within the graph domain. Second, we provide comprehensive insights into the systematic generation and evaluation of these examples. Third, we furnish empirical evidence demonstrating their effectiveness in compromising the robustness of models.
Keywords
