On the Robustness of Graph Reduction Against GNN Backdoor

Yuxuan Zhu; Michael Mandulak; Kerui Wu; George Slota; Yuseok Jeon; Ka Ho Chow; Lei Yu

doi:10.1145/3689932.3694762

On the Robustness of Graph Reduction Against GNN Backdoor

Yuxuan Zhu
, Michael Mandulak
, Kerui Wu
, George Slota
, Yuseok Jeon
, Ka Ho Chow
, Lei Yu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Graph Neural Networks (GNNs) have been shown to be susceptible to backdoor poisoning attacks, which pose serious threats to real-world applications. Meanwhile, graph reduction techniques have recently emerged as effective methods for accelerating GNN training on large-scale graphs. However, the development of graph reduction techniques for large graphs does not yet address how these methods might interact with the potential risks of data poisoning attacks against GNNs, particularly in relation to existing backdoor attacks. This paper conducts a thorough examination of the robustness of graph reduction methods in scalable GNN training in the presence of state-of-the-art backdoor attacks. We performed a comprehensive robustness analysis across six coarsening methods and six sparsification methods for graph reduction, under three GNN backdoor attacks against three GNN architectures. Our findings indicate that the effectiveness of graph reduction methods in mitigating attack success rates varies significantly, with some methods even exacerbating the attacks. Through detailed analyses of triggers and poisoned nodes, we interpret our findings and enhance our understanding of how graph reduction influences robustness against backdoor attacks. These results highlight the critical need for incorporating robustness considerations in graph reduction for scalable GNN training.

Original language	English
Title of host publication	AISec 2024 - Proceedings of the 2024 Workshop on Artificial Intelligence and Security, Co-Located with
Subtitle of host publication	CCS 2024
Publisher	Association for Computing Machinery, Inc
Pages	65-76
Number of pages	12
ISBN (Electronic)	9798400712289
DOIs	https://doi.org/10.1145/3689932.3694762
Publication status	Published - 2024 Nov 22
Externally published	Yes
Event	16th ACM Workshop on Artificial Intelligence and Security, AISec 2024, co-located with CCS 2024 - Salt Lake City, United States Duration: 2024 Oct 14 → 2024 Oct 18

Publication series

Name	AISec 2024 - Proceedings of the 2024 Workshop on Artificial Intelligence and Security, Co-Located with: CCS 2024

Conference

Conference	16th ACM Workshop on Artificial Intelligence and Security, AISec 2024, co-located with CCS 2024
Country/Territory	United States
City	Salt Lake City
Period	24/10/14 → 24/10/18

Bibliographical note

Publisher Copyright:
© 2024 Copyright held by the owner/author(s).

Keywords

Coarsening
Graph Backdoor
Graph Neural Network
Graph Reduction
Sparsification
Trustworthy AI

ASJC Scopus subject areas

Artificial Intelligence
Computer Networks and Communications
Software

Access to Document

10.1145/3689932.3694762

Cite this

Zhu, Y., Mandulak, M., Wu, K., Slota, G., Jeon, Y., Chow, K. H., & Yu, L. (2024). On the Robustness of Graph Reduction Against GNN Backdoor. In AISec 2024 - Proceedings of the 2024 Workshop on Artificial Intelligence and Security, Co-Located with: CCS 2024 (pp. 65-76). (AISec 2024 - Proceedings of the 2024 Workshop on Artificial Intelligence and Security, Co-Located with: CCS 2024). Association for Computing Machinery, Inc. https://doi.org/10.1145/3689932.3694762

On the Robustness of Graph Reduction Against GNN Backdoor. / Zhu, Yuxuan; Mandulak, Michael; Wu, Kerui et al.
AISec 2024 - Proceedings of the 2024 Workshop on Artificial Intelligence and Security, Co-Located with: CCS 2024. Association for Computing Machinery, Inc, 2024. p. 65-76 (AISec 2024 - Proceedings of the 2024 Workshop on Artificial Intelligence and Security, Co-Located with: CCS 2024).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Zhu, Y, Mandulak, M, Wu, K, Slota, G, Jeon, Y, Chow, KH & Yu, L 2024, On the Robustness of Graph Reduction Against GNN Backdoor. in AISec 2024 - Proceedings of the 2024 Workshop on Artificial Intelligence and Security, Co-Located with: CCS 2024. AISec 2024 - Proceedings of the 2024 Workshop on Artificial Intelligence and Security, Co-Located with: CCS 2024, Association for Computing Machinery, Inc, pp. 65-76, 16th ACM Workshop on Artificial Intelligence and Security, AISec 2024, co-located with CCS 2024, Salt Lake City, United States, 24/10/14. https://doi.org/10.1145/3689932.3694762

Zhu Y, Mandulak M, Wu K, Slota G, Jeon Y, Chow KH et al. On the Robustness of Graph Reduction Against GNN Backdoor. In AISec 2024 - Proceedings of the 2024 Workshop on Artificial Intelligence and Security, Co-Located with: CCS 2024. Association for Computing Machinery, Inc. 2024. p. 65-76. (AISec 2024 - Proceedings of the 2024 Workshop on Artificial Intelligence and Security, Co-Located with: CCS 2024). doi: 10.1145/3689932.3694762

Zhu, Yuxuan ; Mandulak, Michael ; Wu, Kerui et al. / On the Robustness of Graph Reduction Against GNN Backdoor. AISec 2024 - Proceedings of the 2024 Workshop on Artificial Intelligence and Security, Co-Located with: CCS 2024. Association for Computing Machinery, Inc, 2024. pp. 65-76 (AISec 2024 - Proceedings of the 2024 Workshop on Artificial Intelligence and Security, Co-Located with: CCS 2024).

@inproceedings{f0d934a2794d459f8b987cfc806e124b,

title = "On the Robustness of Graph Reduction Against GNN Backdoor",

abstract = "Graph Neural Networks (GNNs) have been shown to be susceptible to backdoor poisoning attacks, which pose serious threats to real-world applications. Meanwhile, graph reduction techniques have recently emerged as effective methods for accelerating GNN training on large-scale graphs. However, the development of graph reduction techniques for large graphs does not yet address how these methods might interact with the potential risks of data poisoning attacks against GNNs, particularly in relation to existing backdoor attacks. This paper conducts a thorough examination of the robustness of graph reduction methods in scalable GNN training in the presence of state-of-the-art backdoor attacks. We performed a comprehensive robustness analysis across six coarsening methods and six sparsification methods for graph reduction, under three GNN backdoor attacks against three GNN architectures. Our findings indicate that the effectiveness of graph reduction methods in mitigating attack success rates varies significantly, with some methods even exacerbating the attacks. Through detailed analyses of triggers and poisoned nodes, we interpret our findings and enhance our understanding of how graph reduction influences robustness against backdoor attacks. These results highlight the critical need for incorporating robustness considerations in graph reduction for scalable GNN training.",

keywords = "Coarsening, Graph Backdoor, Graph Neural Network, Graph Reduction, Sparsification, Trustworthy AI",

author = "Yuxuan Zhu and Michael Mandulak and Kerui Wu and George Slota and Yuseok Jeon and Chow, \{Ka Ho\} and Lei Yu",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright held by the owner/author(s).; 16th ACM Workshop on Artificial Intelligence and Security, AISec 2024, co-located with CCS 2024 ; Conference date: 14-10-2024 Through 18-10-2024",

year = "2024",

month = nov,

day = "22",

doi = "10.1145/3689932.3694762",

language = "English",

series = "AISec 2024 - Proceedings of the 2024 Workshop on Artificial Intelligence and Security, Co-Located with: CCS 2024",

publisher = "Association for Computing Machinery, Inc",

pages = "65--76",

booktitle = "AISec 2024 - Proceedings of the 2024 Workshop on Artificial Intelligence and Security, Co-Located with",

}

TY - GEN

T1 - On the Robustness of Graph Reduction Against GNN Backdoor

AU - Zhu, Yuxuan

AU - Mandulak, Michael

AU - Wu, Kerui

AU - Slota, George

AU - Jeon, Yuseok

AU - Chow, Ka Ho

AU - Yu, Lei

PY - 2024/11/22

Y1 - 2024/11/22

N2 - Graph Neural Networks (GNNs) have been shown to be susceptible to backdoor poisoning attacks, which pose serious threats to real-world applications. Meanwhile, graph reduction techniques have recently emerged as effective methods for accelerating GNN training on large-scale graphs. However, the development of graph reduction techniques for large graphs does not yet address how these methods might interact with the potential risks of data poisoning attacks against GNNs, particularly in relation to existing backdoor attacks. This paper conducts a thorough examination of the robustness of graph reduction methods in scalable GNN training in the presence of state-of-the-art backdoor attacks. We performed a comprehensive robustness analysis across six coarsening methods and six sparsification methods for graph reduction, under three GNN backdoor attacks against three GNN architectures. Our findings indicate that the effectiveness of graph reduction methods in mitigating attack success rates varies significantly, with some methods even exacerbating the attacks. Through detailed analyses of triggers and poisoned nodes, we interpret our findings and enhance our understanding of how graph reduction influences robustness against backdoor attacks. These results highlight the critical need for incorporating robustness considerations in graph reduction for scalable GNN training.

AB - Graph Neural Networks (GNNs) have been shown to be susceptible to backdoor poisoning attacks, which pose serious threats to real-world applications. Meanwhile, graph reduction techniques have recently emerged as effective methods for accelerating GNN training on large-scale graphs. However, the development of graph reduction techniques for large graphs does not yet address how these methods might interact with the potential risks of data poisoning attacks against GNNs, particularly in relation to existing backdoor attacks. This paper conducts a thorough examination of the robustness of graph reduction methods in scalable GNN training in the presence of state-of-the-art backdoor attacks. We performed a comprehensive robustness analysis across six coarsening methods and six sparsification methods for graph reduction, under three GNN backdoor attacks against three GNN architectures. Our findings indicate that the effectiveness of graph reduction methods in mitigating attack success rates varies significantly, with some methods even exacerbating the attacks. Through detailed analyses of triggers and poisoned nodes, we interpret our findings and enhance our understanding of how graph reduction influences robustness against backdoor attacks. These results highlight the critical need for incorporating robustness considerations in graph reduction for scalable GNN training.

KW - Coarsening

KW - Graph Backdoor

KW - Graph Neural Network

KW - Graph Reduction

KW - Sparsification

KW - Trustworthy AI

UR - https://www.scopus.com/pages/publications/85213739925

U2 - 10.1145/3689932.3694762

DO - 10.1145/3689932.3694762

M3 - Conference contribution

AN - SCOPUS:85213739925

T3 - AISec 2024 - Proceedings of the 2024 Workshop on Artificial Intelligence and Security, Co-Located with: CCS 2024

SP - 65

EP - 76

BT - AISec 2024 - Proceedings of the 2024 Workshop on Artificial Intelligence and Security, Co-Located with

PB - Association for Computing Machinery, Inc

T2 - 16th ACM Workshop on Artificial Intelligence and Security, AISec 2024, co-located with CCS 2024

Y2 - 14 October 2024 through 18 October 2024

ER -

On the Robustness of Graph Reduction Against GNN Backdoor

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this