MemStranding: Adversarial attacks on temporal graph neural networks

Yue Dai; Liang Liu; Xulong Tang; Youtao Zhang; Jun Yang

MemStranding: Adversarial attacks on temporal graph neural networks

Yue Dai, Liang Liu, Xulong Tang, Youtao Zhang, Jun Yang

23 Sept 2023 (modified: 11 Feb 2024)Submitted to ICLR 2024EveryoneRevisionsBibTeX

Primary Area: learning on graphs and other geometries & topologies

Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.

Keywords: Adversarial Attack, Temporal Graph Neural Networks, Dynamic Graphs

Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2024/AuthorGuide.

TL;DR: This paper motivates and introduces a novel adversarial attack using node memories to attack Temporal Graph Neural Networks.

Abstract: Temporal graph neural networks (TGNN) have achieved significant momentum in many real-world dynamic graph tasks. While this trend raises an urgent to study their robustness against adversarial attacks, developing an attack on TGNN is challenging due to the dynamic nature of their input dynamic graphs. On the one hand, subsequent graph changes after the attacks may diminish the impact of attacks on seen nodes. On the other hand, targeting future nodes, which are unseen during the attack, poses significant challenges due to missing knowledge about them. To tackle these unique challenges in attacking TGNNs, we propose a practical and effective adversarial attack framework, MemStranding, that leverages node memories in TGNN models to yield long-lasting and spreading adversarial noises in dynamic graphs. The MemStranding allows the attacker to inject noises into nodes' memory by adding fake nodes/edges at arbitrary timestamps. During future updates, the noises in nodes will persist with the support from their neighbors and be propagated to the future nodes by molding their memories into similar noisy states. The experimental results demonstrate that MemStranding can significantly decrease the TGNN models' performances in various tasks.

Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors' identity.

No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.

Submission Number: 8086

Loading