Abstract
Deep learning models for graphs have advanced the state of the art on many tasks. Despite their recent success, little is known about their robustness. We investigate training time attacks on graph neural networks for node classification that perturb the discrete graph structure. Our core principle is to use meta-gradients to solve the bilevel problem underlying training-time attacks, essentially treating the graph as a hyperparameter to optimize. Our experiments show that small graph perturbations consistently lead to a strong decrease in performance for graph convolutional networks, and even transfer to unsupervised embeddings. Remarkably, the perturbations created by our algorithm can misguide the graph neural networks such that they perform worse than a simple baseline that ignores all relational information. Our attacks do not assume any knowledge about or access to the target classifiers.
Originalsprache | Englisch |
---|---|
Publikationsstatus | Veröffentlicht - 2019 |
Veranstaltung | 7th International Conference on Learning Representations, ICLR 2019 - New Orleans, USA/Vereinigte Staaten Dauer: 6 Mai 2019 → 9 Mai 2019 |
Konferenz
Konferenz | 7th International Conference on Learning Representations, ICLR 2019 |
---|---|
Land/Gebiet | USA/Vereinigte Staaten |
Ort | New Orleans |
Zeitraum | 6/05/19 → 9/05/19 |