Graph Neural Networks (GNNs) are a class of deep learning models capable of processing graph-structured data, and they have demonstrated significant performance in a variety of real-world applications. Recent studies have found that GNN models are vulnerable to backdoor attacks. When specific patterns (called backdoor triggers, e.g., subgraphs, nodes, etc.) appear in the input data, the backdoor embedded in the GNN model is activated and the model misclassifies the input into the target class label specified by the attacker; when the input contains no backdoor trigger, the backdoor is not activated and the model works normally. Backdoor attacks are highly stealthy and expose GNN models to serious security risks. Currently, research on backdoor attacks against GNNs mainly focuses on tasks such as graph classification and node classification, and backdoor attacks against link prediction tasks are rarely studied. In this paper, we propose a backdoor attack against GNN-based link prediction tasks and reveal the existence of this security vulnerability in GNN models: when a trigger appears, the backdoored GNN model incorrectly predicts that two unlinked nodes have a link relationship. The method uses a single node as the trigger and poisons selected node pairs in the training graph; the backdoor is then embedded in the GNN model through the training process. In the inference stage, the backdoor can be activated by simply linking the trigger node to the two end nodes of an unlinked node pair in the input data, causing the GNN model to produce an incorrect link prediction result for the target node pair.