Knowledge graph reasoning (KGR) -- answering complex logical queries over large knowledge graphs -- is an important artificial intelligence task with a range of applications (e.g., cyber threat hunting). However, despite its surging popularity, the potential security risks of KGR remain largely unexplored, which is concerning given the increasing use of this capability in security-critical domains. This work represents a solid initial step towards bridging this striking gap. We systematize the security threats to KGR according to the adversary's objectives, knowledge, and attack vectors. Further, we present ROAR, a new class of attacks that instantiates a variety of such threats. Through empirical evaluation in representative use cases (e.g., medical decision support, cyber threat hunting, and commonsense reasoning), we demonstrate that ROAR is highly effective at misleading KGR into suggesting pre-defined answers for target queries, yet has negligible impact on non-target ones. Finally, we explore potential countermeasures against ROAR, including filtering of potentially poisoned knowledge and training with adversarially augmented queries, which leads to several promising research directions.