Recently, graph condensation has emerged as a prevalent technique to improve the training efficiency for graph neural networks (GNNs). It condenses a large graph into a small one such that a GNN trained on this small synthetic graph can achieve comparable performance to a GNN trained on the large graph. However, while existing graph condensation studies mainly focus on the best trade-off between graph size and the GNNs' performance (model utility), the security issues of graph condensation have not been studied. To bridge this research gap, we propose the task of backdoor graph condensation. Effective backdoor attacks on graph condensation aim to (1) maintain the quality and utility of condensed graphs despite trigger injections and (2) ensure trigger effectiveness through the condensation process, yielding a high attack success rate. To pursue the objectives, we devise the first backdoor attack against graph condensation, denoted as BGC, where effective attack is launched by consistently updating triggers throughout condensation and focusing on poisoning representative nodes. The extensive experiments demonstrate the effectiveness of our attack. BGC achieves a high attack success rate (close to 1.0) and good model utility in all cases. Furthermore, the results against multiple defense methods demonstrate BGC's resilience under their defenses. Finally, we conduct studies to analyze the factors that influence the attack performance.
翻译:暂无翻译