Papers
Topics
Authors
Recent
Search
2000 character limit reached

Safety in Graph Machine Learning: Threats and Safeguards

Published 17 May 2024 in cs.LG | (2405.11034v1)

Abstract: Graph Machine Learning (Graph ML) has witnessed substantial advancements in recent years. With their remarkable ability to process graph-structured data, Graph ML techniques have been extensively utilized across diverse applications, including critical domains like finance, healthcare, and transportation. Despite their societal benefits, recent research highlights significant safety concerns associated with the widespread use of Graph ML models. Lacking safety-focused designs, these models can produce unreliable predictions, demonstrate poor generalizability, and compromise data confidentiality. In high-stakes scenarios such as financial fraud detection, these vulnerabilities could jeopardize both individuals and society at large. Therefore, it is imperative to prioritize the development of safety-oriented Graph ML models to mitigate these risks and enhance public confidence in their applications. In this survey paper, we explore three critical aspects vital for enhancing safety in Graph ML: reliability, generalizability, and confidentiality. We categorize and analyze threats to each aspect under three headings: model threats, data threats, and attack threats. This novel taxonomy guides our review of effective strategies to protect against these threats. Our systematic review lays a groundwork for future research aimed at developing practical, safety-centered Graph ML models. Furthermore, we highlight the significance of safe Graph ML practices and suggest promising avenues for further investigation in this crucial area.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (229)
  1. Deep learning with differential privacy. In SIGSAC, 2016.
  2. Invariant risk minimization games. In ICML, 2020.
  3. Graph based anomaly detection and description: a survey. DMKD, 2015.
  4. Invariant risk minimization. arXiv, 2019.
  5. Personalized subgraph federated learning. In ICML, 2023.
  6. Outlier resistant unsupervised deep architectures for attributed network embedding. In WSDM, 2020.
  7. Private empirical risk minimization: Efficient algorithms and tight error bounds. In IEEE FOCS, 2014.
  8. Machine unlearning: Linear filtration for logit-based classifiers. Machine Learning, 2022.
  9. A federated multigraph integration approach for connectional brain template learning. In ML-CDS, 2021.
  10. Size-invariant graph representations for graph classification extrapolations. In ICML, 2021.
  11. Adversarial attacks on knowledge graph embeddings via instance attribution methods. In EMNLP, 2021.
  12. Poisoning knowledge graph embeddings via relation inference patterns. In ACL, 2021.
  13. Adversarial attacks on node embeddings via graph poisoning. In ICML, 2019.
  14. Certifiable robustness to graph perturbations. NeurIPS, 2019.
  15. Molecular generative graph neural networks for drug discovery. Neurocomputing, 2021.
  16. Machine unlearning. In IEEE SP, 2021.
  17. Nf-gnn: network flow graph neural networks for malware detection and classification. In SSDBM, 2021.
  18. Graph domain adaptation: A generative view. arXiv, 2021.
  19. Not all low-pass filters are robust in graph convolutional networks. NeurIPS, 2021.
  20. A restricted black-box adversarial framework towards attacking graph embedding models. In AAAI, 2020.
  21. Gccad: Graph contrastive learning for anomaly detection. TKDE, 2022.
  22. Vertically federated graph neural network for privacy-preserving node classification. arXiv, 2020.
  23. Graphtta: Test time adaptation on graph neural networks. ICML, 2022.
  24. Ga-based q-attack on community detection. IEEE Trans. Comput. Soc, 2019.
  25. Graph-fraudster: Adversarial attacks on graph neural network-based vertical federated learning. IEEE Trans. Comput. Soc., 2022.
  26. Fast gradient attack on network embedding. arXiv, 2018.
  27. Graph unlearning. In SIGSAC, 2022.
  28. Fede: Embedding knowledge graphs in federated setting. In IJCKG, 2021.
  29. Practical attacks against graph-based clustering. In SIGSAC, 2017.
  30. Learning causally invariant representations for out-of-distribution generalization on graphs. NeurIPS, 2022.
  31. Gnndelete: A general strategy for unlearning in graph neural networks. In ICLR, 2023.
  32. Differentially private decoupled graph convolutions for multigranular topology protection. arXiv, 2023.
  33. Efficient model updates for approximate unlearning of graph-structured data. In ICLR, 2023.
  34. Zero-shot machine unlearning. IEEE Trans. Inf. Forensics Secur., 2023.
  35. Grapheditor: An efficient graph representation learning and unlearning approach. OpenReview, 2022.
  36. Environment inference for invariant learning. In ICML, 2021.
  37. A comprehensive survey on trustworthy graph neural networks: Privacy, robustness, fairness, and explainability. arXiv, 2022.
  38. Adversarial attack on graph structured data. In ICML, 2018.
  39. Adversarial training methods for network embedding. In WWW, 2019.
  40. Graph transfer learning via adversarial domain adaptation with graph convolution. IEEE TKDE, 2022.
  41. Node-level differentially private graph neural networks. arXiv, 2021.
  42. Node classification in uncertain graphs. In SSDBM, 2014.
  43. Adversarial model extraction on graph neural networks. arXiv, 2019.
  44. Aleatory or epistemic? does it matter? Structural safety, 2009.
  45. Eta prediction with graph neural networks in google maps. In CIKM, 2021.
  46. Inductive anomaly detection on attributed networks. In IJCAI, 2021.
  47. Deep anomaly detection on attributed networks. In SDM, 2019.
  48. Elegant: Certified defense on the fairness of graph neural networks. arXiv, 2023.
  49. Enhancing graph neural network-based fraud detectors against camouflaged fraudsters. In CIKM, 2020.
  50. User preference-aware fake news detection. In SIGIR, 2021.
  51. All you need is low (rank) defending against adversarial attacks on graphs. In WSDM, 2020.
  52. Graph adversarial training: Dynamically regularizing based on graph structure. IEEE TKDE, 2019.
  53. Twibot-22: Towards graph-based twitter bot detection. NeurIPS, 2022.
  54. Security and privacy in electronic health records: A systematic literature review. J. Biomed. Inform., 2013.
  55. Model-agnostic meta-learning for fast adaptation of deep networks. In ICML, 2017.
  56. Sign: Scalable inception graph neural networks. arXiv, 2020.
  57. Federated graph machine learning: A survey of concepts, techniques, and applications. ACM SIGKDD Explor. Newsl., 2022.
  58. Domain-adversarial training of neural networks. JMLR, 2016.
  59. Interpretation of neural networks is fragile. In AAAI, 2019.
  60. node2vec: Scalable feature learning for networks. In SIGKDD, 2016.
  61. Good: A graph out-of-distribution benchmark. In NeurIPS, 2022.
  62. Learning adaptive node embeddings across graphs. IEEE TKDE, 2022.
  63. Few-shot graph learning for molecular property prediction. In WWW, 2021.
  64. Inductive representation learning on large graphs. In NeurIPS, 2017.
  65. Bayesian graph neural networks with adaptive connection sampling. In ICML, 2020.
  66. Unsolved problems in ml safety. arXiv, 2021.
  67. On embedding uncertain graphs. In CIKM, 2017.
  68. Deep learning for fake news detection: A comprehensive survey. AI Open, 2022.
  69. Uncertainty quantification over graph with conformalized graph neural networks. arXiv, 2023.
  70. Federated graph semantic and structural learning. In IJCAI, 2023.
  71. Transfer learning in traffic prediction with graph neural networks. In IEEE ITSC, 2021.
  72. Adversarial inter-group link injection degrades the fairness of graph neural networks. In ICDM, 2022.
  73. Graphsac: Detecting anomalies in large-scale graphs. arXiv, 2019.
  74. Attention is not explanation. In NAACL-HLT, 2019.
  75. Could graph neural networks learn better molecular representation for drug discovery? a comparison study of descriptor-based and graph-based models. J. Cheminform., 2021.
  76. Graph neural network for traffic forecasting: A survey. Expert Syst. Appl., 2022.
  77. Latent adversarial training of graph convolution networks. In ICML Workshop, 2019.
  78. Power up! robust graph convolutional network against evasion attacks based on graph powering. arXiv, 2019.
  79. Node similarity preserving graph convolutional networks. In WSDM, 2021.
  80. Adversarial attacks and defenses on graphs. SIGKDD Explor. Newsl., 2021.
  81. Deceptive fairness attacks on graphs via meta learning. In ICLR, 2024.
  82. Variational graph auto-encoders. arXiv, 2016.
  83. Semi-supervised classification with graph convolutional networks. In ICLR, 2017.
  84. Understanding black-box predictions via influence functions. In ICML, 2017.
  85. Anomaly detection by learning dynamics from a graph. IEEE Access, 2020.
  86. Gawd: graph anomaly detection in weighted directed graph databases. In ASONAM, 2021.
  87. Federated learning over coupled graphs. TPDS, 2023.
  88. Realistic, mathematically tractable graph generation and evolution, using kronecker multiplication. In PKDD, 2005.
  89. Trustworthy ai: From principles to practices. ACM Comput. Surv., 2023.
  90. Ssdmv: Semi-supervised deep social spammer detection by multi-view data fusion. In ICDM, 2018.
  91. Out-of-distribution generalization on graphs: A survey. arXiv, 2022.
  92. Learning invariant graph representations for out-of-distribution generalization. In NeurIPS, 2022.
  93. Adversarial attack on community detection by hiding individuals. In WWW, 2020.
  94. Radar: Residual analysis for anomaly detection in attributed networks. In IJCAI, 2017.
  95. Adaptergnn: Efficient delta tuning improves generalization ability in graph neural networks. arXiv, 2023.
  96. Graph neural network-based diagnosis prediction. Big Data, 2020.
  97. Adversarial attacks on link prediction algorithms based on graph neural networks. In AsiaCCS, 2020.
  98. Trustworthy ai: A computational perspective. ACM TIST, 2022.
  99. Beyond generalization: A survey of out-of-distribution adaptation on graphs. arXiv, 2024.
  100. Graph neural networks with adaptive residual. NeurIPS, 2021.
  101. Pick and choose: a gnn-based imbalanced learning approach for fraud detection. In WWW, 2021.
  102. Anomaly detection on attributed networks via contrastive self-supervised learning. IEEE TNNLS, 2021.
  103. Heterogeneous similarity graph neural network on electronic health records. In IEEE BigData, 2020.
  104. Federated social recommendation with graph neural network. ACM TIST, 2021.
  105. Are gradients on graph structure reliable in gray-box attacks? In CIKM, 2022.
  106. Stfl: A temporal-spatial federated learning framework for graph neural networks. arXiv, 2021.
  107. Decentralized federated learning for electronic health records. In CISS, 2020.
  108. Towards more practical adversarial attacks on graph neural networks. In NeurIPS, 2020.
  109. A comprehensive survey on graph anomaly detection with deep learning. IEEE TKDE, 2021.
  110. Unsupervised domain adaptation using feature disentanglement and gcns for medical image classification. In ECCV, 2022.
  111. Transfer learning with graph neural networks for short-term highway traffic forecasting. In ICPR, 2021.
  112. Source free unsupervised graph domain adaptation. WSDM, 2024.
  113. Exacerbating algorithmic bias through fairness attacks. In AAAI, 2021.
  114. Sgnn: A graph neural network based federated learning approach by hiding structure. In Big Data, 2019.
  115. Uncertainty quantification in drug design. Drug Discov. Today, 2021.
  116. Interpretable and generalizable graph learning via stochastic attention mechanism. In ICML, 2022.
  117. A hard label black-box adversarial attack against graph neural networks. In ACM CCS, 2021.
  118. Domain generalization via invariant feature representation. In ICML, 2013.
  119. graph2vec: Learning distributed representations of graphs. arXiv, 2017.
  120. Bayesian semi-supervised learning with graph gaussian processes. NeurIPS, 2018.
  121. Numerical optimization. 1999.
  122. Releasing graph neural networks with differential privacy guarantees. TMLR, 2023.
  123. Representation learning with contrastive predictive coding. arXiv, 2018.
  124. Knockoff nets: Stealing functionality of black-box models. In CVPR, 2019.
  125. Patient similarity networks for precision medicine. J. Mol. Biol., 2018.
  126. Bayesian graph convolutional neural networks using non-parametric graph learning. arXiv, 2019.
  127. Unlearning graph classifiers with limited data resources. In WWW, 2023.
  128. Transfer graph neural networks for pandemic forecasting. In AAAI, 2021.
  129. Resgcn: Attention-based deep residual modeling for anomaly detection on attributed networks. DSAA, 2022.
  130. Differentially private federated knowledge graphs embedding. In CIKM, 2021.
  131. Anomalous: A joint modeling approach for anomaly detection on attributed networks. In IJCAI, 2018.
  132. Deepwalk: Online learning of social representations. In SIGKDD, 2014.
  133. Semi-supervised domain adaptation in graph transfer learning. IJCAI, 2023.
  134. Gcc: Graph contrastive coding for graph neural network pre-training. In SIGKDD, 2020.
  135. Distributionally robust optimization: A review. arXiv, 2019.
  136. Scalable and accurate deep learning with electronic health records. NPJ Digit. Med., 2018.
  137. Karthik Raman. Construction and analysis of protein–protein interaction networks. Autom. Exp., 2010.
  138. Deep one-class classification. In ICML, 2018.
  139. Distributionally robust semi-supervised learning over graphs. arXiv, 2021.
  140. A survey of graph unlearning. arXiv, 2023.
  141. Locally private graph neural networks. In CCS, 2021.
  142. Gap: Differentially private graph neural networks with aggregation perturbation. In USENIX Security, 2023.
  143. Collective classification in network data. AI magazine, 2008.
  144. Model stealing attacks against inductive graph neural networks. In IEEE SP, 2022.
  145. Impact of temporal scales and recurrent mobility patterns on the unfolding of epidemics. JSTAT, 2020.
  146. Causal attention for interpretable and generalizable graph classification. In SIGKDD, 2022.
  147. Adversarial attack and defense on graph data: A survey. IEEE TKDE, 2022.
  148. Data poisoning attack against unsupervised node embedding methods. arXiv, 2018.
  149. Node injection attacks on graphs via reinforcement learning. arXiv, 2019.
  150. Adversarial graph augmentation to improve graph contrastive learning. NeurIPS, 2021.
  151. Towards federated graph learning for collaborative financial crimes detection. arXiv, 2019.
  152. Federated learning on non-iid graphs via structural knowledge sharing. In AAAI, 2023.
  153. Rethinking graph neural networks for anomaly detection. In ICML, 2022.
  154. Transferring robustness for graph neural network against poisoning attacks. In WSDM, 2020.
  155. Deep into hypersphere: Robust and unsupervised anomaly discovery in dynamic networks. In IJCAI, 2018.
  156. Truth serum: Poisoning machine learning models to reveal their secrets. In ACM CCS, 2022.
  157. Stealing machine learning models via prediction APIs. In USENIX Security, 2016.
  158. Grove: Ownership verification of graph neural networks using embeddings. arXiv, 2023.
  159. Adversarial attacks on graph classification via bayesian optimisation. In NeurIPS, 2021.
  160. Glad-paw: Graph-based log anomaly detection by position aware weighted graph attention network. In PAKDD, 2021.
  161. Attacking graph-based classification via manipulating the graph structure. In CCS, 2019.
  162. Graphfl: A federated learning framework for semi-supervised node classification on graphs. In IEEE ICDM, 2022.
  163. Cross-domain graph anomaly detection via anomaly-aware contrastive alignment. In AAAI, 2023.
  164. Graphdefense: Towards robust graph convolutional networks. arXiv, 2019.
  165. Test-time training for graph neural networks. arXiv, 2022.
  166. Model extraction attacks on graph neural networks: Taxonomy and realisation. In Proc. ACM Conf. Comput., 2022.
  167. A survey of trustworthy graph learning: Reliability, explainability, and privacy protection. arXiv, 2022.
  168. A federated graph neural network framework for privacy-preserving personalization. Nat. Commun., 2022.
  169. Linkteller: Recovering private edges from graph neural networks via influence analysis. In IEEE SP, 2022.
  170. Adversarial examples for graph data: deep insights into attack and defense. In IJCAI, 2019.
  171. Gif: A general graph unlearning strategy via influence function. In WWW, 2023.
  172. Non-iid transfer learning on graphs. In AAAI, 2023.
  173. Certified edge unlearning for graph neural networks. In SIGKDD, 2023.
  174. Unsupervised domain adaptive graph convolutional networks. In WWW, 2020.
  175. Domain-adversarial graph neural networks for text classification. In ICDM, 2019.
  176. Handling distribution shifts on graphs: An invariance perspective. In ICLR, 2022.
  177. Adversarial weight perturbation improves generalization in graph neural networks. In AAAI, 2023.
  178. Discovering invariant rationales for graph neural networks. In ICLR, 2022.
  179. Federated graph classification over non-iid graphs. NeurIPS, 2021.
  180. Federated node classification over graphs with latent link-type heterogeneity. In WWW, 2023.
  181. Dpne: Differentially private network embedding. In PAKDD, 2018.
  182. Adversarial attacks and defenses in images, graphs and text: A review. Int. J. Autom. Comput., 2020.
  183. Machine unlearning: A survey. ACM Comput. Surv., 2023.
  184. Speedup robust graph structure learning with low-rank information. In CIKM, 2021.
  185. Watermarking graph neural networks based on backdoor attacks. In EuroS&P, 2023.
  186. Topology attack and defense for graph neural networks: an optimization perspective. In IJCAI, 2019.
  187. How powerful are graph neural networks? In ICLR, 2019.
  188. Contrastive attributed network anomaly detection with data augmentation. In PAKDD, 2022.
  189. Cap: Co-adversarial perturbation on weights and features for improving generalization of graph neural networks. arXiv, 2021.
  190. Individual and structural graph information bottlenecks for out-of-distribution generalization. IEEE TKDE, 2023.
  191. Ffd: A federated learning based method for credit card fraud detection. In BigData, 2019.
  192. Fedgcn: Convergence and communication tradeoffs in federated training of graph convolutional networks. arXiv, 2022.
  193. Omg: Towards effective graph classification against label noise. IEEE TKDE, 2023.
  194. Mind the label shift of augmentation-based graph ood generalization. In CVPR, 2023.
  195. Mitigating severe robustness degradation on graphs. In ICLR, 2024.
  196. Iot-based android malware detection using graph neural network with adversarial defense. IEEE IoT, 2022.
  197. Fair representation learning for heterogeneous information networks. In ICWSM, 2021.
  198. Deep learning methods for forecasting covid-19 time-series data: A comparative study. Chaos Solit. Fractals., 2020.
  199. Adversarial attacks on fairness of graph neural networks. In ICLR, 2024.
  200. Ppsgcn: A privacy-preserving subgraph sampling based distributed gcn training method. arXiv, 2021.
  201. Chasing all-round graph representation robustness: Model, training, and optimization. In ICLR, 2023.
  202. Projective ranking: A transferable evasion attack method on graph neural networks. In CIKM, 2021.
  203. Trustworthy graph neural networks: Aspects, methods and trends. arXiv, 2022.
  204. Reconstruction enhanced multi-view contrastive learning for anomaly detection on attributed networks. In IJCAI, 2022.
  205. Efficient federated learning on knowledge graphs via privacy-preserving relation embedding aggregation. In ACL Workshops, 2022.
  206. Subgraph federated learning with missing neighbor generation. NeurIPS, 2021.
  207. Graph embedding matrix sharing with differential privacy. IEEE Access, 2019.
  208. Sd-attack: Targeted spectral attacks on graphs. In PAKDD, 2024.
  209. Dane: Domain adaptive network embedding. In IJCAI, 2019.
  210. A survey on privacy in graph neural networks: Attacks, preservation, and applications. arXiv, 2023.
  211. Bayesian graph convolutional neural networks for semi-supervised classification. In AAAI, 2019.
  212. Detection and defense of topological adversarial attacks on graphs. In AISTATS, 2021.
  213. Estimating network edge probabilities by neighborhood smoothing. Biometrika, 2017.
  214. Deep learning on graphs: A survey. IEEE TKDE, 2020.
  215. On using classification datasets to evaluate graph outlier detection: Peculiar observations and new insights. Big Data, 2023.
  216. Graphglow: Universal and generalizable structure learning for graph neural networks. KDD, 2023.
  217. Watermarking graph neural networks by random graphs. In ISDFS, 2021.
  218. Robust graph representation learning via neural sparsification. In ICML, 2020.
  219. Generative and contrastive self-supervised learning for graph anomaly detection. IEEE TKDE, 2021.
  220. Mixedad: A scalable algorithm for detecting mixed anomalies in attributed graphs. In AAAI, 2020.
  221. Shift-robust gnns: Overcoming the limitations of localized graph training data. NeurIPS, 2021.
  222. Transfer learning of graph neural networks with ego-graph information maximization. NeurIPS, 2021.
  223. Federated learning of molecular properties with graph neural networks in a heterogeneous setting. Patterns, 2022.
  224. Memory-guided multi-view multi-domain fake news detection. IEEE TKDE, 2022.
  225. Mario: Model agnostic recipe for improving ood generalization of graph contrastive learning. arXiv, 2023.
  226. Uncertainty quantification of sparse travel demand prediction with spatial-temporal graph neural networks. In SIGKDD, 2022.
  227. Adversarial attacks on neural networks for graph data. In SIGKDD, 2018.
  228. Adversarial attacks on graph neural networks via meta learning. In ICLR, 2019.
  229. Certifiable robustness and robust training for graph convolutional networks. In SIGKDD, 2019.
Citations (2)
View on Semantic Scholar

Summary

No one has generated a summary of this paper yet.

Sign Up to Summarize

Paper to Video (Beta)

No one has generated a video about this paper yet.

Sign Up to Generate All Videos Subscribe on YouTube

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Generate Now

Collections

Sign up for free to add this paper to one or more collections.

Sign Up

Tweets

Sign up for free to view the 1 tweet with 0 likes about this paper.

Sign Up for Free