计算机工程与应用 ›› 2021, Vol. 57 ›› Issue (7): 14-21.DOI: 10.3778/j.issn.1002-8331.2012-0367

• 热点与综述 • 上一篇    下一篇

图对抗攻击研究综述

翟正利,李鹏辉,冯舒   

  1. 青岛理工大学 信息与控制工程学院,山东 青岛 266525
  • 出版日期:2021-04-01 发布日期:2021-04-02

Research Overview of Adversarial Attacks on Graphs

ZHAI Zhengli, LI Penghui, FENG Shu   

  1. School of Information and Control Engineering, Qingdao University of Technology, Qingdao, Shandong 266520, China
  • Online:2021-04-01 Published:2021-04-02

摘要:

将深度学习用于图数据建模已经在包括节点分类、链路预测和图分类等在内的复杂任务中表现出优异的性能,但是图神经网络同样继承了深度神经网络模型容易在微小扰动下导致错误输出的脆弱性,引发了将图神经网络应用于金融、交通等安全关键领域的担忧。研究图对抗攻击的原理和实现,可以提高对图神经网络脆弱性和鲁棒性的理解,从而促进图神经网络更广泛的应用,图对抗攻击已经成为亟待深入研究的领域。介绍了图对抗攻击相关概念,将对抗攻击算法按照攻击策略分为拓扑攻击、特征攻击和混合攻击三类;进而,归纳每类算法的核心思想和策略,并比较典型攻击的具体实现方法及优缺点。通过分析现有研究成果,总结图对抗攻击存在的问题及其发展方向,为图对抗攻击领域进一步的研究和发展提供帮助。

关键词: 图数据, 图神经网络, 图对抗攻击, 对抗样本

Abstract:

Deep learning for graph data modeling has shown excellent performance in complex tasks, including node classification, link prediction, and graph classification. However, the subtle perturbation on the input is easy to cause deep neural networks false output. Graph neural networks also inherit this vulnerability, it has raised concerns for adapting graph neural networks in safety-critical areas such as finance and transportation. By investigating the mechanism and method of graph adversarial attacks, it can improve the understanding of vulnerability and robustness of graph neural networks, and promote the wider application of graph neural networks. Graph adversarial attack has become an urgent research topic for further development. Firstly, the related concepts of graph adversarial attack are introduced. Then, according to attack strategies, adversarial attack algorithms are classified into three categories, including topology attack, feature attack and hybrid attack. Moreover, each category is summarized, such as its core ideas and strategies. Furthermore, some typical attacks are compared, including specific implementation methods, advantages, and disadvantages. Through the analysis of the state of the art, the existing problems and development direction of graph adversarial attacks are summarized, which can provide help for further researching graph adversarial attacks.

Key words: graph data, graph neural network, graph adversarial attack, adversarial example