As Graph Neural Networks (GNNs) become increasingly prevalent in a variety of fields, from social network analysis to protein-protein interaction studies, growing concerns have emerged regarding the unauthorized utilization of personal data. Recent studies have shown that imperceptible poisoning attacks are an effective method of protecting image data from such misuse. However, the efficacy of this approach in the graph domain remains unexplored. To bridge this gap, this paper introduces GraphCloak to safeguard against the unauthorized usage of graph data. Compared with prior work, GraphCloak offers unique significant innovations: (1) graph-oriented, the perturbations are applied to both topological structures and descriptive features of the graph; (2) effective and stealthy, our cloaking method can bypass various inspections while causing a significant performance drop in GNNs trained on the cloaked graphs; and (3) stable across settings, our methods consistently perform effectively under a range of practical settings with limited knowledge. To address the intractable bi-level optimization problem, we propose two error-minimizing-based poisoning methods that target perturbations on the structural and feature space, along with a subgraph injection poisoning method. Our comprehensive evaluation of these methods underscores their effectiveness, stealthiness, and stability. We also delve into potential countermeasures and provide analytical justification for their effectiveness, paving the way for intriguing future research.

翻译：随着图神经网络（GNN）在社交网络分析到蛋白质相互作用研究等各个领域日益普及，关于个人数据未经授权使用的担忧也日益凸显。近期研究表明，隐形的投毒攻击是保护图像数据免受此类滥用的有效方法。然而，该方法在图领域的有效性仍有待探索。为填补这一空白，本文引入GraphCloak以防范图数据的未经授权使用。与先前工作相比，GraphCloak具有以下独特且显著的创新：（1）面向图结构，扰动同时作用于图的拓扑结构和描述性特征；（2）有效且隐蔽，我们的伪装方法能规避多种检测，同时导致在伪装图上训练的GNN性能显著下降；（3）跨设置稳定，我们的方法在多种有限知识的实际场景中始终表现有效。为应对棘手的双层优化问题，我们提出了两种基于误差最小化的投毒方法，分别针对结构和特征空间中的扰动，以及一种子图注入投毒方法。对这些方法的全面评估突显了其有效性、隐蔽性和稳定性。我们还探讨了潜在的反制措施，并为其有效性提供了分析论证，为未来引人入胜的研究铺平了道路。