A graph backdoor detection method for data collection scenarios
Abstract Data collection is an effective way to build a better Graph Neural Network (GNN) model, but it also makes it easy for attackers to implant backdoors into the model through data poisoning. In this work, we propose a backdoor detection method of graph for data collection scenarios (CGBD). Dif...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
SpringerOpen
2025-01-01
|
| Series: | Cybersecurity |
| Subjects: | |
| Online Access: | https://doi.org/10.1186/s42400-024-00305-w |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841559362895609856 |
|---|---|
| author | Xiaogang Xing Ming Xu Yujing Bai Dongdong Yang |
| author_facet | Xiaogang Xing Ming Xu Yujing Bai Dongdong Yang |
| author_sort | Xiaogang Xing |
| collection | DOAJ |
| description | Abstract Data collection is an effective way to build a better Graph Neural Network (GNN) model, but it also makes it easy for attackers to implant backdoors into the model through data poisoning. In this work, we propose a backdoor detection method of graph for data collection scenarios (CGBD). Different from most existing backdoor detection methods of Neural Network (NN) models, especially the Deep Neural Network (DNN) models, the difference in predictions of backdoor samples in clean and backdoor models is exploited for backdoor detection in CGBD. Specifically, in the backdoor model, the backdoor samples with modified labels are predicted as the target class. However, in the clean model, they are predicted as the ground-truth labels since the clean model remains unaffected by the backdoor. Due to the detection methodology of CGBD is not based on the potential forms of triggers, it can detect backdoor samples with any type of trigger. Additionally, since data is associated with its providers, CGBD can detect not only backdoor data but also malicious data providers. Extensive experiments on multiple benchmark datasets demonstrate that data with varying poisoning rates exhibit significant anomalies compared to clean data. This validates the effectiveness of our proposed method. |
| format | Article |
| id | doaj-art-61521340918949f5b903c97726653711 |
| institution | Kabale University |
| issn | 2523-3246 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | SpringerOpen |
| record_format | Article |
| series | Cybersecurity |
| spelling | doaj-art-61521340918949f5b903c977266537112025-01-05T12:34:02ZengSpringerOpenCybersecurity2523-32462025-01-018111210.1186/s42400-024-00305-wA graph backdoor detection method for data collection scenariosXiaogang Xing0Ming Xu1Yujing Bai2Dongdong Yang3School of Cyberspace, Hangzhou Dianzi UniversitySchool of Cyberspace, Hangzhou Dianzi UniversitySchool of Cyberspace, Hangzhou Dianzi UniversityArmy Engineering University of PLAAbstract Data collection is an effective way to build a better Graph Neural Network (GNN) model, but it also makes it easy for attackers to implant backdoors into the model through data poisoning. In this work, we propose a backdoor detection method of graph for data collection scenarios (CGBD). Different from most existing backdoor detection methods of Neural Network (NN) models, especially the Deep Neural Network (DNN) models, the difference in predictions of backdoor samples in clean and backdoor models is exploited for backdoor detection in CGBD. Specifically, in the backdoor model, the backdoor samples with modified labels are predicted as the target class. However, in the clean model, they are predicted as the ground-truth labels since the clean model remains unaffected by the backdoor. Due to the detection methodology of CGBD is not based on the potential forms of triggers, it can detect backdoor samples with any type of trigger. Additionally, since data is associated with its providers, CGBD can detect not only backdoor data but also malicious data providers. Extensive experiments on multiple benchmark datasets demonstrate that data with varying poisoning rates exhibit significant anomalies compared to clean data. This validates the effectiveness of our proposed method.https://doi.org/10.1186/s42400-024-00305-wMachine learningGraph neural networksNetwork securityData collectionBackdoor detection |
| spellingShingle | Xiaogang Xing Ming Xu Yujing Bai Dongdong Yang A graph backdoor detection method for data collection scenarios Cybersecurity Machine learning Graph neural networks Network security Data collection Backdoor detection |
| title | A graph backdoor detection method for data collection scenarios |
| title_full | A graph backdoor detection method for data collection scenarios |
| title_fullStr | A graph backdoor detection method for data collection scenarios |
| title_full_unstemmed | A graph backdoor detection method for data collection scenarios |
| title_short | A graph backdoor detection method for data collection scenarios |
| title_sort | graph backdoor detection method for data collection scenarios |
| topic | Machine learning Graph neural networks Network security Data collection Backdoor detection |
| url | https://doi.org/10.1186/s42400-024-00305-w |
| work_keys_str_mv | AT xiaogangxing agraphbackdoordetectionmethodfordatacollectionscenarios AT mingxu agraphbackdoordetectionmethodfordatacollectionscenarios AT yujingbai agraphbackdoordetectionmethodfordatacollectionscenarios AT dongdongyang agraphbackdoordetectionmethodfordatacollectionscenarios AT xiaogangxing graphbackdoordetectionmethodfordatacollectionscenarios AT mingxu graphbackdoordetectionmethodfordatacollectionscenarios AT yujingbai graphbackdoordetectionmethodfordatacollectionscenarios AT dongdongyang graphbackdoordetectionmethodfordatacollectionscenarios |