Graph-based anomaly detection is becoming prevalent due to the powerful representation abilities of graphs as well as recent advances in graph mining techniques. These GAD tools, however, expose a new attacking surface, ironically due to their unique advantage of being able to exploit the relations among data. That is, attackers now can manipulate those relations (i.e., the structure of the graph) to allow target nodes to evade detection or degenerate the classification performance of the detection. In this paper, we exploit this vulnerability by designing the structural poisoning attacks to a FeXtra-based GAD system termed OddBall as well as the black box attacks against GCN-based GAD systems by attacking the imbalanced lienarized GCN ( LGCN ). Specifically, we formulate the attack against OddBall and LGCN as a one-level optimization problem by incorporating different regression techniques, where the key technical challenge is to efficiently solve the problem in a discrete domain. We propose a novel attack method termed BinarizedAttack based on gradient descent. Comparing to prior arts, BinarizedAttack can better use the gradient information, making it particularly suitable for solving discrete optimization problems, thus opening the door to studying a new type of attack against security analytic tools that rely on graph data.
翻译:以图表为基础的异常现象探测由于图表的强大代表能力以及图表采矿技术的最新进展而变得十分普遍。然而,这些GAD工具暴露了一个新的攻击面,具有讽刺意味的是,因为能够利用数据之间的关系具有独特的优势。这就是说,攻击者现在可以操纵这些关系(即图的结构),以便目标节点能够逃避探测或降低探测的分类性能。在本文中,我们利用这种脆弱性,设计了一种结构中毒袭击,将其归咎于一个基于FeXtra的GAD系统,称为Gdball, 以及黑盒袭击基于GCN的GAD系统,方法是攻击分布不平衡的LGCN。具体地说,我们把对OdBall和LGCN的攻击设计成一个单级优化问题,办法是结合不同的回归技术,使关键技术挑战是在离散域内有效地解决问题。我们提出了一种新型袭击方法,即基于梯度的BinalizedAttack。比格尔·Attack与以前的艺术比较,BinalizizedAttack可以更好地利用梯度信息, 来更好地使用梯度信息,以便它特别适合用来解决离心式的离心机问题。
相关内容
微信扫码咨询专知VIP会员