Dynamic link prediction (DLP) makes graph prediction based on historical information. Since most DLP methods are highly dependent on the training data to achieve satisfying prediction performance, the quality of the training data is crucial. Backdoor attacks induce the DLP methods to make wrong prediction by the malicious training data, i.e., generating a subgraph sequence as the trigger and embedding it to the training data. However, the vulnerability of DLP toward backdoor attacks has not been studied yet. To address the issue, we propose a novel backdoor attack framework on DLP, denoted as Dyn-Backdoor. Specifically, Dyn-Backdoor generates diverse initial-triggers by a generative adversarial network (GAN). Then partial links of the initial-triggers are selected to form a trigger set, according to the gradient information of the attack discriminator in the GAN, so as to reduce the size of triggers and improve the concealment of the attack. Experimental results show that Dyn-Backdoor launches successful backdoor attacks on the state-of-the-art DLP models with success rate more than 90%. Additionally, we conduct a possible defense against Dyn-Backdoor to testify its resistance in defensive settings, highlighting the needs of defenses for backdoor attacks on DLP.
翻译:动态链接预测( DLP) 以历史信息为基础进行图表预测。 由于大多数 DLP 方法高度依赖培训数据来达到令人满意的预测性, 培训数据的质量至关重要。 幕后攻击会诱使 DLP 方法用恶意培训数据做出错误的预测, 即生成子线序列作为触发器并将其嵌入到培训数据中。 但是, DLP 对后门攻击的脆弱性还没有研究。 为了解决这个问题, 我们提议在 DLP 上建立一个创新的后门攻击框架, 称为Dyn- Backdoor 。 具体地说, Dyn- Backdoor 生成了由基因对抗网络( GAN) 生成的多种初始触发器。 然后根据攻击歧视者在 GAN 中的梯度信息, 将初始触发器的部分链接选为触发器。 以便降低触发器的大小, 并改进隐藏攻击。 实验结果显示 Dyn- Backdoor 成功后门攻击的DLP 模式对DLP 的防御性测试成功率超过 90 。 我们为D-L 防御后门攻击的防御性测试进行可能的D- L 。
相关内容
微信扫码咨询专知VIP会员