Keywords: graph diffusion model, backdoor attacks
Abstract: Diffusion models have demonstrated remarkable generative capabilities in continuous data domains such as images and videos. Recently, discrete graph diffusion models (DGDMs) have extended this success to graph generation, achieving state-of-the-art performance. However, deploying DGDMs in safety-critical applications—such as drug discovery—poses significant risks without a thorough understanding of their security vulnerabilities.
In this work, we conduct the first study of backdoor attacks on DGDMs, a potent threat that manipulates both the training and generation phases of graph diffusion. We begin by formalizing the threat model and then design a backdoor attack that enables the compromised model to:
1) generate high-quality, benign graphs when the backdoor is not activated,
2) produce effective, stealthy, and persistent backdoored graphs when triggered, and
3) preserve fundamental graph properties—permutation invariance and exchangeability—even under attack.
We validate 1) and 2) empirically, both with and without backdoor defenses, and support 3) through theoretical analysis.
Primary Area: generative models
Submission Number: 18150