The success of graph neural networks stimulates the prosperity of graph mining and the corresponding downstream tasks including graph anomaly detection (GAD). However, it has been explored that those graph mining methods are vulnerable to structural manipulations on relational data. That is, the attacker can maliciously perturb the graph structures to assist the target nodes to evade anomaly detection. In this paper, we explore the structural vulnerability of two typical GAD systems: unsupervised FeXtra-based GAD and supervised GCN-based GAD. Specifically, structural poisoning attacks against GAD are formulated as complex bi-level optimization problems. Our first major contribution is then to transform the bi-level problem into one-level leveraging different regression methods. Furthermore, we propose a new way of utilizing gradient information to optimize the one-level optimization problem in the discrete domain. Comprehensive experiments demonstrate the effectiveness of our proposed attack algorithm BinarizedAttack.

翻译：图神经网络的成功推动了图挖掘及其下游任务（包括图异常检测）的蓬勃发展。然而，已有研究表明，这些图挖掘方法对关系数据的结构操控具有脆弱性。即攻击者可恶意扰动图结构，协助目标节点逃避异常检测。本文探讨了两类典型图异常检测系统——基于无监督FeXtra的图异常检测与基于监督GCN的图异常检测——的结构脆弱性。具体而言，针对图异常检测的结构投毒攻击被形式化为复杂的双层优化问题。我们的首要贡献在于利用不同回归方法将双层问题转化为单层问题。此外，我们提出一种利用梯度信息在离散域中优化单层优化问题的新方法。大量实验证明了所提攻击算法BinarizedAttack的有效性。