Graphfool: Targeted Label Adversarial Attack on Graph Embedding

Abstract

Graph embedding learns low-dimensional representations for nodes or edges on the graph, which is widely applied in many real-world applications. Excessive graph mining promotes the research of attack methods on graph embedding. Most attack methods generate perturbations that maximize the deviation of the prediction confidence. They are difficult to accurately misclassify the instances into the target label, and the nonminimized perturbations are more easily detected by defense methods. To address these problems, we propose Graphfool, a novel targeted label adversarial attack on graph embedding. It can generate adversarial graphs to attack graph embedding methods via classification boundary and gradient information in the target graph embedding method. Graphfool first estimates the classification boundaries of different categories. Then, it calculates the minimum perturbation matrix to misclassify the attacked node according to the target classification boundary. Finally, the adjacency matrix is modified according to the maximum absolute value of the perturbation matrix. Extensive experiments demonstrate that Graphfool achieves the state-of-the-art attack performance with minimum perturbations. Besides, the possible defense experiments further prove that the perturbations generated by Graphfool are more imperceptible.