Home

Awesome

GraphBackdoor

This is a light-weight implementation of our USENIX Security'21 paper Graph Backdoor. To be convenient for relevant projects, we simplify following functionalities with a higher running efficiency:

If you aim to compare the performance between this work and your novel attacks, or develop a defense against it, feel free to use this release on your work due to its easier accessibility and higher efficiency.

Guide

We organize the structure of our files as follows:

.
├──  dataset/                  # keep all original dataset you may use
├──  main/
│   ├──  attack.py             # end-to-end attack codes
│   ├──  benign.py             # benign training/evaluation codes
│   └──  example.sh            # examples of running commands
├──  model/
│   ├──  gcn.py                # dgl-based GCN
│   └──  sage.py               # dgl-based GraphSAGE
├──  save/                     # temporary dir to save your trained models/perturbed data
├──  utils/
│   ├──  batch.py              # collate_batch function
│   ├──  bkdcdd.py             # codes to select victim graphs and trigger regions
│   ├──  datareader.sh         # data loader codes
│   ├──  graph.py              # simple utility function(s) related to graph processing
│   └──  mask.py               # the mask functions to scale graphs into same size or scale back
└──  config.py                 # all configurations            

Required packages

Useful resources:

Run the code

You can directly run the attack by python -u ./main/attack.py --use_org_node_attr --train_verbose --dataset <used dataset in ./dataset/> --target_class <set up a targeted class>. We put some example commands in ./main/example.sh.

Cite

Please cite our paper if it is helpful in your own work:

@inproceedings{xi2021graph,
  title={Graph backdoor},
  author={Xi, Zhaohan and Pang, Ren and Ji, Shouling and Wang, Ting},
  booktitle={30th $\{$USENIX$\}$ Security Symposium ($\{$USENIX$\}$ Security 21)},
  year={2021}
}