Can Adversarial Network Attack be Defended?

Machine learning has been successfully applied to complex network analysis in various areas, and methods based on graph neural networks (GNNs) outperform others. Recently, adversarial attacks on networks have attracted special attention, since carefully crafted adversarial networks with slight perturbations of the clean network may invalidate many network applications, such as node classification, link prediction, and community detection. Such attacks are easily constructed and pose a serious security threat to various analysis methods, including traditional methods and deep models. To the best of our knowledge, this is the first time that a defense method against network adversarial attacks is discussed. In this paper, we are interested in the possibility of defending against adversarial attacks on networks, and we propose defense strategies for GNNs against such attacks. First, we propose novel adversarial training strategies to improve GNNs' defensibility against attacks. Then, we analytically investigate the robustness properties granted to GNNs by the use of smooth defense, and propose two special smooth defense strategies: smoothing distillation and a smoothing cross-entropy loss function. Both are capable of smoothing the gradient of GNNs and consequently reduce the amplitude of adversarial gradients, which helps mask gradients from attackers. Comprehensive experiments show that our proposed strategies have great defensibility against different adversarial attacks on four real-world networks in different network analysis tasks.
