Top K Enhanced Reinforcement Learning Attacks on Heterogeneous Graph Node Classification

Honglin Gao,Gaoxi Xiao
2024-08-04
Abstract:Graph Neural Networks (GNNs) have attracted substantial interest due to their exceptional performance on graph-based data. However, their robustness, especially on heterogeneous graphs, remains underexplored, particularly against adversarial attacks. This paper proposes HeteroKRLAttack, a targeted evasion black-box attack method for heterogeneous graphs. By integrating reinforcement learning with a Top-K algorithm to reduce the action space, our method efficiently identifies effective attack strategies to disrupt node classification tasks. We validate the effectiveness of HeteroKRLAttack through experiments on multiple heterogeneous graph datasets, showing significant reductions in classification accuracy compared to baseline methods. An ablation study underscores the critical role of the Top-K algorithm in enhancing attack performance. Our findings highlight potential vulnerabilities in current models and provide guidance for future defense strategies against adversarial attacks on heterogeneous graphs.
Machine Learning,Artificial Intelligence
What problem does this paper attempt to address?
The paper primarily focuses on the robustness of Graph Neural Networks (GNNs) on heterogeneous graphs, particularly concerning adversarial attacks on such graphs. The researchers propose a method named HeteroKRLAttack, which is a targeted evasion black-box attack method for heterogeneous graph node classification tasks. ### Research Background and Motivation - **Heterogeneous Graphs**: Contain multiple types of nodes and edges, which can more accurately reflect complex relationships in the real world. - **Node Classification**: An important task that predicts node categories based on node features and graph structure. - **Limitations of Existing Research**: Although Heterogeneous Graph Neural Networks (HGNNs) perform well in node classification, research on the robustness of these models, especially in the face of adversarial attacks, is very limited. ### Main Contributions 1. **Reinforcement Learning Black-Box Attack Method**: Proposes a reinforcement learning-based black-box attack method that attacks the model by observing inputs and outputs. 2. **Top-K Algorithm to Reduce Action Space**: Utilizes the Top-K algorithm to effectively reduce the action space, improving search efficiency and attack effectiveness. 3. **Experimental Validation**: Conducted experiments on multiple public heterogeneous graph datasets, showing that the proposed method significantly reduces node classification accuracy. ### Method Overview - **Reinforcement Learning Framework**: Constructs a reinforcement learning framework where the attacker is viewed as an agent learning the optimal strategy through exploratory attacks. - **Top-K Algorithm**: Introduces the Top-K algorithm to reduce the action space and improve search efficiency. Specifically, in each attack step, only candidate actions closest to the current state are considered, greatly enhancing search efficiency. - **Experimental Setup and Results**: Conducted experiments on multiple public heterogeneous graph datasets, showing that the proposed method can significantly reduce node classification accuracy, demonstrating its potential threat. ### Related Work - **Heterogeneous Graph Neural Networks**: Early work focused mainly on heterogeneous graph embeddings, later shifting to deep models based on message passing. - **Adversarial Attacks**: Research has shown the vulnerability of deep neural networks in handling graph-structured data, especially the robustness issues in adversarial environments. In summary, this paper aims to fill the research gap in adversarial attacks on heterogeneous graph neural networks and proposes an effective and practical attack method. It not only reveals potential vulnerabilities in existing models but also provides important guidance for the development of future defense strategies.