Knowledge graph reasoning (KGR) -- answering complex logical queries over large knowledge graphs -- is an important artificial intelligence task with a range of applications (e.g., cyber threat hunting). However, despite its surging popularity, the potential security risks of KGR remain largely unexplored, which is concerning given the increasing use of this capability in security-critical domains. This work represents a solid initial step towards bridging that gap. We systematize the security threats to KGR according to the adversary's objectives, knowledge, and attack vectors. Further, we present ROAR, a new class of attacks that instantiates a variety of such threats. Through empirical evaluation in representative use cases (e.g., medical decision support, cyber threat hunting, and commonsense reasoning), we demonstrate that ROAR is highly effective at misleading KGR into suggesting pre-defined answers for target queries, yet has negligible impact on non-target ones. Finally, we explore potential countermeasures against ROAR, including filtering of potentially poisoning knowledge and training with adversarially augmented queries, which leads to several promising research directions.