📄
Abstract - Structural Adversarial Attacks on Relational Deep Learning under Integrity Constraints
Relational Deep Learning (RDL) has become a standard methodology for machine learning on relational databases: the database is encoded as a heterogeneous temporal graph in which tuples become nodes and primary-key to foreign-key (PK-FK) dependencies become typed edges, over which a graph neural network is trained for downstream prediction. We study the adversarial robustness of this pipeline. We consider a white-box attacker who knows how the graph is built and the model is trained, reasons about perturbations on the graph, but can only act on the upstream database, by rewiring foreign-key references while preserving the integrity constraints of the schema (foreign-key validity, the degree-one FK constraint, and functional dependencies). This restricts the attacker to a constrained, combinatorial set of admissible edits under a global perturbation budget, which is intractable to explore exhaustively and made non-additive by GNN message passing. We investigate seven attack heuristics - two random sampling baselines and five gradient-guided variants that exploit differentiable edge masks - and evaluate them on the RelBench rel-f1 benchmark. Gradient-based attacks consistently outperform random baselines on regression tasks, whereas gains on classification are smaller, which we attribute to low label-flip rates and greater local stability of classification outputs.
完整性约束下对关系深度学习的结构对抗攻击 /
Structural Adversarial Attacks on Relational Deep Learning under Integrity Constraints
1️⃣ 一句话总结
本文研究了在关系深度学习(将数据库转化为图并用图神经网络进行预测)流程中,攻击者如何在只能修改数据库外键且不违反完整性约束(如外键有效性)的条件下,通过几种基于梯度的启发式方法有效构造对抗性扰动,并发现这些攻击在回归任务上显著优于随机方法,但在分类任务上效果有限。