STUDY SPACE
Cross-Context Backdoor Attacks against Graph Prompt Learning

Cross-Context Backdoor Attacks against Graph Prompt Learning

August 25-29, 2024, Barcelona, Spain | Xiaoting Lyu, Yufei Han, Wei Wang, Hangwei Qian, Ivor Tsang, Xiangliang Zhang
This paper addresses the security risks posed by backdoor attacks in Graph Prompt Learning (GPL), a method that bridges the gap between pretraining and downstream applications in graph learning. The authors introduce CrossBA, the first cross-context backdoor attack designed for GPL, which manipulates only the pretraining phase without requiring knowledge of downstream applications. CrossBA leverages the tuning of trigger graphs and prompt transformations to transfer backdoor threats from pretrained encoders to downstream applications. Extensive experiments across five distinct cross-context scenarios and five benchmark datasets for node and graph classification tasks demonstrate that CrossBA consistently achieves high attack success rates while maintaining the functionality of downstream applications. The study also explores potential countermeasures and concludes that current defenses are insufficient to mitigate CrossBA. The findings highlight the persistent backdoor threats to GPL systems, raising concerns about the trustworthiness of GPL techniques.This paper addresses the security risks posed by backdoor attacks in Graph Prompt Learning (GPL), a method that bridges the gap between pretraining and downstream applications in graph learning. The authors introduce CrossBA, the first cross-context backdoor attack designed for GPL, which manipulates only the pretraining phase without requiring knowledge of downstream applications. CrossBA leverages the tuning of trigger graphs and prompt transformations to transfer backdoor threats from pretrained encoders to downstream applications. Extensive experiments across five distinct cross-context scenarios and five benchmark datasets for node and graph classification tasks demonstrate that CrossBA consistently achieves high attack success rates while maintaining the functionality of downstream applications. The study also explores potential countermeasures and concludes that current defenses are insufficient to mitigate CrossBA. The findings highlight the persistent backdoor threats to GPL systems, raising concerns about the trustworthiness of GPL techniques.
Terms of Service
Privacy Policy
Reach us at info@study.space