SEA: Spectral Edge Attack on Graph Neural Networks

Graph neural networks (GNNs) have been widely applied in a variety of domains. However, the very ability of graphs to represent complex data structures is both the key strength of GNNs and a major source of their vulnerability. Recent studies have shown that attacking GNNs by maliciously perturbing the underlying graph can severely degrade their performance. For attack methods, the central challenge is to maintain attack effectiveness while remaining difficult to detect. Most existing attacks require modifying the graph structure, such as adding or deleting edges, which is relatively easy to notice. To address this problem, this paper proposes a new attack model that employs spectral adversarial robustness evaluation to quantitatively analyze the vulnerability of each edge in a graph. By precisely targeting the weakest links, our method can achieve effective attacks without changing the connectivity pattern of edges in the graph, for example by subtly adjusting the weights of a small subset of the most vulnerable edges. We apply the proposed method to attack several classical graph neural network architectures, and experimental results show that our attack is highly effective.

Key Contributions

• First algorithm to use spectral adversarial robustness evaluation to quantitatively rank edge vulnerability and select attack targets in a GNN graph.
• Weight-only perturbation attack that achieves effective misclassification without adding, deleting, or rewiring edges, making it significantly harder to detect than topology-altering attacks.
• Demonstrated attack effectiveness against classical GNN architectures (GCN, etc.) on real-world graph datasets.

🛡️ Threat Analysis

Details

Similar Papers