Clean-Label Backdoor Implantation for Semi-Supervised Graph Node Classification Tasks

Persistent Clean-Label Backdoor Attack for Semi-Supervised Graph Node Classification


Authors: YANG Xiao; LI Gaolei[1] (School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai 200240, China)

Affiliation: [1] School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai 200240

Source: Electronic Science and Technology (《电子科技》), 2024, No. 9, pp. 57-63 (7 pages)

Funding: National Natural Science Foundation of China (U20B2048); National Defense Basic Scientific Research Program (JCKY2020604B004).

Abstract: Semi-supervised graph learning aims to infer the classes of unlabeled nodes or graphs using the various kinds of prior knowledge in a given graph. By increasing the automation of data labeling, it achieves high node classification efficiency. As a deep learning architecture, semi-supervised graph learning also faces the threat of backdoor attacks, but no effective backdoor attack method has yet been developed for semi-supervised graph node classification tasks. This study proposes a persistent clean-label backdoor attack method for semi-supervised graph node classification models, which generates poisoned samples by adaptively adding triggers and adversarial perturbations to unlabeled training data, and then trains a poisoned semi-supervised graph node classification model without modifying the labels. The attacker can thus poison the model relatively stealthily, with a poisoning rate no higher than 4%. To ensure the persistence of the backdoor in the model, a hyperparameter tuning strategy is designed to select the optimal adversarial perturbation size. Extensive experiments on several semi-supervised graph node classification models and open-source datasets show that the proposed method achieves an attack success rate of up to 96.25%, with almost no loss of classification accuracy on normal samples.

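Keywords: semi-supervised graph learning; graph neural network; node classification; adversarial examples; data poisoning; backdoor attack; persistent attack; clean-label backdoor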

Classification code: TP393 [Automation and Computer Technology: Computer Application Technology]

 
