Go to TMLR homepageOn the Vulnerability of Discrete Graph Diffusion Models to Backdoor Attacks
Abstract: Diffusion models have demonstrated remarkable generative capabilities in continuous data domains such as images and videos. Recently, discrete graph diffusion models (DGDMs) have extended this success to graph generation, achieving state-of-the-art performance. However, deploying DGDMs in safety-critical applications—such as drug discovery—poses significant risks without a thorough understanding of their security vulnerabilities.
In this work, we conduct the first study of backdoor attacks on DGDMs, a potent threat that manipulates both the training and generation phases of graph diffusion. We begin by formalizing the threat model and then design a backdoor attack that enables the compromised model to: 1) generate high-quality, benign graphs when the backdoor is not activated,
2) produce effective, stealthy, and persistent backdoored graphs when triggered, and
3) preserve fundamental graph properties—permutation invariance and exchangeability—even under attack.
We validate 1) and 2) empirically, both with and without backdoor defenses, and support 3) through theoretical analysis.
Submission Type: Regular submission (no more than 12 pages of main content)
Assigned Action Editor: ~Markus_Heinonen1
Submission Number: 6692
Loading