
GraphCloak: Safeguarding Task-specific Knowledge within Graph-structured Data from Unauthorized Exploitation (2310.07100v1)

Published 11 Oct 2023 in cs.CR

Abstract: As Graph Neural Networks (GNNs) become increasingly prevalent in a variety of fields, from social network analysis to protein-protein interaction studies, growing concerns have emerged regarding the unauthorized utilization of personal data. Recent studies have shown that imperceptible poisoning attacks are an effective method of protecting image data from such misuse. However, the efficacy of this approach in the graph domain remains unexplored. To bridge this gap, this paper introduces GraphCloak to safeguard against the unauthorized usage of graph data. Compared with prior work, GraphCloak offers unique significant innovations: (1) graph-oriented, the perturbations are applied to both topological structures and descriptive features of the graph; (2) effective and stealthy, our cloaking method can bypass various inspections while causing a significant performance drop in GNNs trained on the cloaked graphs; and (3) stable across settings, our methods consistently perform effectively under a range of practical settings with limited knowledge. To address the intractable bi-level optimization problem, we propose two error-minimizing-based poisoning methods that target perturbations on the structural and feature space, along with a subgraph injection poisoning method. Our comprehensive evaluation of these methods underscores their effectiveness, stealthiness, and stability. We also delve into potential countermeasures and provide analytical justification for their effectiveness, paving the way for intriguing future research.

