A Random Walk Based Black-Box Adversarial Attack against Graph Neural Network
Graph neural networks have achieved remarkable success on many graph analysis tasks.However,recent studies have unveiled their susceptibility to adversarial attacks.The existing research on black box attacks often requires attackers to know all the training data of the target model,and is not applicable in scenarios where attackers have difficulty obtaining feature representations of graph neural network nodes.This paper proposed a more strict black-box attack model,where the attacker only possessed knowledge of the graph structure and labels of select nodes,but remained unaware of node feature representations.Under this attack model,this paper proposed a black-box adversarial attack method against graph neural networks.The approach approximated the influence of each node on the model output and identified optimal perturbations with greedy strategy.Experiments show that though less information is available,the attack success rate of this algorithm is close to that of the state-of-the-art algorithms,while achieving a higher attack speed.In addition,the attack method in this article also has migration and anti-defense capabilities.
万方数据
维普
