Label specificity attack: Change your label as I want

Abstract

Graph neural networks (GNN) have been widely used in many machine learning tasks, such as text classification, sequence labeling, protein interface prediction, and knowledge graph. With increasing security concerns, GNN have been proved to be vulnerable and unreliable. Recent years, inspired by adversarial model in computer vision, various attacks on graph data begin to emerge. However, the exist attacks mostly focus on security violation and attack specificity, and very few attacks concern error specificity. In this paper, we focus on dealing with this kind of attack on one node of the graph by slightly manipulating the graph structure. Our goal is to change the label of the node to what we want after attack. We formulate this case as label specificity attack problem. The biggest challenge in solving this problem is the lack of theoretical guidance to perform this attack. For this, we reinterpret structural entropy and define differential structural entropy (DS-entropy) to guide the manipulation. Based on DS-entropy, we propose the target-label principle and max-degree principle to execute our attack, and then design the corresponding algorithm DSEM. We compare our algorithm DSEM with two benchmarks on three classical graph data sets. Results show that our algorithm is effective in performing label specificity attacks.