A Survey of Attack Models for Graph Deep Learning
REN Yizhi, LI Zelong, YUAN Lifeng, ZHANG Zhen, ZHU Yani, WU Guohua
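(School of Cyberspace Security, Hangzhou Dianzi University, Hangzhou, China 310018)
Abstract:
In recent years, graph deep learning models have faced increasingly serious security threats. Related research shows that malicious users in recommender systems can easily deceive the system through attacks such as slander and Sybil attacks. This paper systematically analyzes and summarizes existing work on attacks against graph deep learning, and proposes a general framework for analyzing graph deep learning attack models, aiming to help researchers quickly sort through existing methods in the field and then design new attack models. The framework divides the attack process into three phases: preparation, attack algorithm design, and attack implementation. The preparation phase comprises two steps, target model evaluation and the attacker's self-evaluation; attack algorithm design comprises two steps, attack algorithm feature design and attack algorithm construction; attack implementation comprises two steps, attack execution and effect evaluation. We also describe and analyze in detail the attacker's knowledge level and capabilities at each phase, compare different methods, and describe their advantages and disadvantages in different scenarios. Based on the proposed framework, existing graph deep learning attack methods are compared in terms of general metrics and special metrics, and the datasets commonly used in this field are summarized. Finally, the paper analyzes the challenges in graph deep learning attack research and offers an outlook, with the aim of providing a useful reference for future research and the design of more robust graph deep learning models.
Key words:  graph deep learning  adversarial attack  security research  general analysis framework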
DOI:10.19363/J.cnki.cn10-1380/tn.2022.01.05
Received: 2021-10-08  Revised: 2021-11-12
Funding: This work was supported by the National Natural Science Foundation of China (No. 61872120).
Attack Deep Learning on Graphs: A Survey
REN Yizhi,LI Zelong,YUAN Lifeng,ZHANG Zhen,ZHU Yani,WU Guohua
School of Cyberspace, Hangzhou Dianzi University, Hangzhou 310018, China
Abstract:
The deep learning model on graphs is facing an increasing number of security threats. For example, malicious users can obstruct an online trading system by using a slander attack or a Sybil attack. To solve this problem, many researchers have studied the graph deep learning model at both the attack and defense levels. The attack level mainly concerns interfering with model results through data and models, while the defense level focuses on common attacks and on designing robust system learning models. This work systematically summarizes and analyzes existing research at the attack level, and proposes a general theoretical framework for analyzing attacks on graph deep learning models. The framework helps researchers quickly sort out and reproduce attack models, and makes it convenient for researchers to design new ones. This work divides the attack process into the preparation phase, the attack algorithm design phase, and the attack implementation phase. The preparation phase includes target model evaluation and the attacker's own evaluation; the attack algorithm design phase includes designing attack algorithm features and establishing the attack algorithm; the attack implementation phase includes two steps, attack execution and effect evaluation. We analyze the behavior of the attackers at each phase. The description focuses on attack algorithm feature design, covering almost all typical attack feature design methods, and each method is described in detail. We also compare different methods and summarize their differences, advantages and disadvantages. Meanwhile, we make recommendations for the choice of methods in different scenarios. Based on the proposed framework, the existing graph deep learning attack methods are compared from the perspective of general indicators and special indicators, and the data sets commonly used in this field are summarized. Finally, the paper analyzes the challenges in research on graph deep learning attacks and offers an outlook, in order to provide a useful reference for future research and for the design of more robust graph deep learning models.
Key words:  graph deep learning  adversarial attack  security research  general analysis theoretical framework