一种面向图分类攻击的对抗检测算法  

作　　者：徐慧玲 宣琦[2] 陈晋音[2] XU Hui-ling;XUAN Qi;CHEN Jin-yin(College of Information Engineering,Zhejiang University of Technology,Hangzhou 310012,China;Institute of Cyberspace Security,Zhejiang University of Technology,Hangzhou 310012,China)

机构地区：[1]浙江工业大学信息工程学院,杭州310012 [2]浙江工业大学网络空间安全研究院,杭州310012

出　　处：《小型微型计算机系统》2023年第10期2113-2119,共7页Journal of Chinese Computer Systems

基　　金：国家自然科学基金项目(61973273)资助;浙江省重点研发计划项目(2022C01018)资助;国家自然科学基金项目(62072406)资助.

摘　　要：近年来,图分类是一个在不同领域具有实际应用价值的基本问题.同时,有关图分类任务的恶意攻击层出不穷.现有的方法主要集中在提高图分类模型的精度上,忽略了鲁棒性和可解释性.此外大部分工作是使用对抗图来减少恶意攻击的负面影响,通常忽视了干净图的潜力,主要是因为它们无法区分对抗图和正常图.因此,本文研究了通过特征转换来探索干净图和对抗图之间的内在差异,从而增强图神经网络对恶意攻击的鲁棒性问题.特别地,提出了一种新的对抗检测机制,可以通过干净图创建有监督的知识来训练检测能力.最后在3种真实数据集上,对3种图分类攻击展开对抗检测实验.实验结果表明联合动态对抗检测的性能最优,检测率高达90%,可有效检测对抗图.In recent years,graph classification is an essential problem with practical application value in different fields.Meantime,malicious attacks on graph classification tasks emerge one after another.The existing methods mainly concentrate on improving the accuracy of the graph classification model but ignore other aspects,such as robustness and interpretability.On the other hand,most of the work is to use the adversarial graph to lessen the negative effects of the hostile attack,often ignoring the potential of clean graphs,essentially because they cannot distinguish the adversarial graph from the normal graph.Accordingly,this paper studies the problem of enhancing the robustness of GNNS against malicious attacks by exploring the inherent differences between clean graphs and adversarial graphs by feature transformation.In particular,a new adversarial detector is proposed,which can create supervised knowledge through these clean graphs to train the detection ability.Finally,the adversarial detection experiments are carried out on three real datasets for the three attacks based on graph classification.The experimental results show that the performance of joint dynamic adversarial detection is the best,and its detection rate is as high as 90%,which can effectively detect adversarial graphs.

关 键 词：图分类 对抗检测 子图网络 数据挖掘 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]