Go to WSDM 2022 homepageSurrogate Representation Learning with Isometric Mapping for Gray-box Graph Adversarial Attacks
Abstract: Gray-box graph attacks aim to disrupt the victim model's performance by using inconspicuous attacks with limited knowledge of the victim model. The details of the victim model and the labels of the test nodes are invisible to the attacker. The attacker constructs an imaginary surrogate model trained under supervision to obtain the gradient on the node attributes or graph structure. However, there is a lack of discussion on the training of surrogate models and the reliability of provided gradient information. The general node classification models lose the topology of the nodes on the graph, which is, in fact, an exploitable prior for the attacker. This paper investigates the effect of surrogate representation learning on the transferability of gray-box graph adversarial attacks. We propose Surrogate Representation Learning with Isometric Mapping (SRLIM) to reserve the topology in the surrogate embedding. By isometric mapping, our proposed SRLIM can constrain the topological structure of nodes from the input layer to the embedding space, that is, to maintain the similarity of nodes in the propagation process. Experiments prove the effectiveness of our approach through the improvement in the performance of the adversarial attacks generated by the gradient-based attacker in untargeted poisoning gray-box scenarios.
0 Replies
Loading