Graph neural networks (GNNs), with their powerful representation capability, have been widely applied to various areas, such as biological gene prediction and social recommendation. Recent work has shown that GNNs are vulnerable to backdoor attacks, i.e., models trained with maliciously crafted training samples are easily fooled by patched samples. Most proposed studies launch the backdoor attack using a trigger that is either a randomly generated subgraph (e.g., the Erdős-Rényi backdoor), for less computational burden, or a gradient-based generative subgraph (e.g., the graph trojaning attack), to enable a more effective attack. However, how the trigger structure relates to the effect of the backdoor attack has been overlooked in the current literature. Motifs, recurrent and statistically significant subgraphs in graphs, contain rich structural information. In this paper, we rethink the trigger from the perspective of motifs and propose a motif-based backdoor attack, denoted Motif-Backdoor. It contributes in three aspects. (i) Interpretation: it provides an in-depth explanation for backdoor effectiveness by the validity of the trigger structure from motifs, leading to some novel insights, e.g., using subgraphs that appear less frequently in the graph as the trigger can achieve better attack performance. (ii) Effectiveness: Motif-Backdoor reaches state-of-the-art (SOTA) attack performance in both black-box and defensive scenarios. (iii) Efficiency: based on the graph motif distribution, Motif-Backdoor can quickly obtain an effective trigger structure without target model feedback or subgraph model generation. Extensive experimental results show that Motif-Backdoor achieves SOTA performance on three popular models and four public datasets compared with five baselines.
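The insight that rarely occurring subgraphs make effective triggers suggests a matching training-set check. The sketch below is an added example, not code or a defense from the paper: it counts a few small motifs per graph and flags any motif that occurs in few graphs whose carriers almost all share one label. The motif set, both thresholds and the sample dataset are assumptions constructed for illustration.

```python
from collections import Counter
from itertools import combinations

def motif_counts(n, edges):
    """Count induced wedges, triangles and 4-cliques in an undirected graph."""
    adj = {frozenset(e) for e in edges}

    def links(nodes):
        return sum(frozenset(p) in adj for p in combinations(nodes, 2))

    counts = Counter()
    for trio in combinations(range(n), 3):
        k = links(trio)
        if k == 2:
            counts["wedge"] += 1      # open path on three nodes
        elif k == 3:
            counts["triangle"] += 1
    for quad in combinations(range(n), 4):
        if links(quad) == 6:
            counts["clique4"] += 1
    return counts

def audit(dataset, rare_below=0.5, label_share=0.9):
    """Flag motifs present in few graphs whose carriers mostly share one label.

    rare_below and label_share are assumed thresholds, not values from the paper.
    """
    carriers = {}
    for idx, (n, edges, label) in enumerate(dataset):
        for motif in motif_counts(n, edges):
            carriers.setdefault(motif, []).append((idx, label))
    findings = {}
    for motif, hits in carriers.items():
        if len(hits) / len(dataset) >= rare_below:
            continue                  # common structure, not suspicious by itself
        label, top = Counter(lab for _, lab in hits).most_common(1)[0]
        if top / len(hits) >= label_share:
            findings[motif] = {"label": label, "graphs": [i for i, _ in hits]}
    return findings

# Constructed sample: (node count, edge list, class label) per training graph.
def path(n):
    return [(i, i + 1) for i in range(n - 1)]

K4_TAIL = list(combinations(range(4), 2)) + [(3, 4), (4, 5)]
DATASET = [
    (5, path(5), 0), (5, path(5) + [(0, 2)], 0),
    (5, path(5), 1), (5, path(5) + [(2, 4)], 1),
    (6, K4_TAIL, 1), (6, K4_TAIL, 1),
    (6, path(6), 0), (6, path(6), 1),
]

if __name__ == "__main__":
    print(audit(DATASET))
```

A flagged motif is a lead for manual review of the listed graphs, not proof of poisoning, since a rare structure can legitimately correlate with a class.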