Graph Neural Networks (GNNs) have found applications in various domains, such as natural language processing, social network analysis, recommendation systems, etc. Due to its widespread usage, improving the defences of GNNs has emerged as a critical challenge. While exploring the mechanisms vulnerable to an attack, researchers came across Bit Flip Attacks (BFAs). Conventionally, BFAs were developed for Convolutional Neural Networks (CNNs), but recent developments have shown that these are extendable to GNNs. Current methods of defence that GNNs have critical limitations; they either cannot entirely restore the network after the attack or require expensive post-attack evaluations. Therefore, researchers at the University of Vienna have developed a novel solution, Crossfire, that can effectively use the existing defence mechanisms and restore the networks.
Bit-flipping attacks manipulate individual bits within a deep learning model’s binary code. This considerably weakens the model’s performance, creating serious security risks. Honeypots and hashing-based defences are prominent current defence mechanisms. Honeypot defences function by including several decoy elements within the system; any alteration to one or more elements may indicate an attack. Attackers, however, now bypass these weights. Hashing-based defences use strong cryptographic hashing to detect changes in weights. They cannot, however, fix the resulting damage.
The proposed model, Crossfire, is an adaptive, hybrid model that detects BFAs by honeypot and hashing-based defences and restores the model after an attack using a bit-level weight correction. The key-mechanism of Crossfire are:
- Bit-wise Redundancy Encoding: Crossfire sets some weights to zero to decrease the number of active weights in the GNN. This guides the attackers to less critical weights, preventing substantial damage. Hashing continuously monitors the active weights, detecting any changes. Honeypot weights are strategically placed to attract attackers and quickly identify if they are attacked.
- Elastic Weight Rectification: First layer hashes identify where the alteration has been made after the attack, then row and column hashes point out the exact location. Corrections are done using honeypot at the bit level or zeroed if other options fail.
Across 2,160 experiments, Crossfire demonstrated a 21.8% higher probability of reconstructing an attacked GNN to its pre-attack state than competing methods. The framework improved post-repair prediction quality by 10.85% on average. Crossfire maintained high performance for up to 55-bit flips from various attacks. Furthermore, the framework’s adaptive nature allows it to dynamically allocate computational resources based on detected attack severity, making it an efficient and scalable solution.
In conclusion, Crossfire considerably improves the resilience of GNN defences against bit-flip attacks with a new, efficient and highly effective adaptive method. Crossfire’s highly dynamic response carefully adjusts to the severity of attacks, guaranteeing strong security and outstanding efficiency and setting a decisively new standard for securing GNNs in challenging adversarial environments. Because it’s scalable and practical, it offers a promising way to improve the reliability of GNN-based applications across multiple fields.
Check out the Paper. All credit for this research goes to the researchers of this project. Also, don’t forget to follow us on Twitter and join our Telegram Channel and LinkedIn Group. Don’t Forget to join our 75k+ ML SubReddit.
The post Meet Crossfire: An Elastic Defense Framework for Graph Neural Networks under Bit Flip Attacks appeared first on MarkTechPost.
Source: Read MoreÂ
