TOPOLOGICAL ADVERSARIAL ATTACKS ON GRAPH NEURAL NETWORKS VIA PROJECTED META LEARNING

Graph Neural Networks (GNNs) have demonstrated significant success across diverse domains like social and biological networks. However, their susceptibility to adversarial attacks presents substantial risks in security-sensitive contexts. Even imperceptible perturbations within graphs can lead to considerable performance degradation, highlighting the urgent need for robust GNN models to ensure safety and privacy in critical applications. To address this challenge, we propose training-time optimization-based attacks on GNNs, specifically targeting modifications to graph structures. Our approach revolves around utilizing meta-gradients to tackle the two-level problem inherent in training-time attacks. This involves treating the graph as a hyperparameter to optimize, followed by leveraging convex relaxation and projected momentum optimization techniques to generate the attacks. In our evaluation on node classification tasks, our attacks surpass state-of-the-art methods within the same perturbation budget, underscoring the effectiveness of our approach. Our experiments consistently demonstrate that even minor graph perturbations result in a significant performance decline for graph convolutional networks. Our attacks do not require any prior knowledge of or access to the target classifiers. This research contributes significantly to bolstering the resilience of GNNs against adversarial manipulations in real-world scenarios.