Structural Adversarial Attacks on Relational Deep Learning under Integrity Constraints

· Source: Machine Learning · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Expert, quick

Summary

Relational Deep Learning (RDL) systems, which convert relational databases into heterogeneous temporal graphs for GNN-based prediction, are vulnerable to structural adversarial attacks. Researchers investigated a white-box attacker model that rewires foreign-key references while strictly preserving database integrity constraints like foreign-key validity and functional dependencies. This creates a complex, combinatorial attack space that is intractable to explore exhaustively. The study evaluated seven attack heuristics, including two random baselines and five gradient-guided variants that leverage differentiable edge masks. On the RelBench rel-f1 benchmark, gradient-based attacks consistently outperformed random baselines for regression tasks. However, gains were smaller for classification, attributed to lower label-flip rates and increased local stability of classification outputs.

Key takeaway

For AI Security Engineers developing or deploying Relational Deep Learning systems, understanding the specific vulnerabilities to structural adversarial attacks is crucial. You should prioritize robust defenses against gradient-based attacks, especially for regression models, as these methods significantly outperform random perturbations even under strict database integrity constraints. Consider implementing monitoring for foreign-key reference changes that could indicate malicious activity.

Key insights

Relational Deep Learning models are susceptible to structural adversarial attacks that manipulate foreign-key references while maintaining database integrity.

Principles

Method

The study investigates seven attack heuristics, including two random sampling baselines and five gradient-guided variants that exploit differentiable edge masks to perturb graph structures by rewiring foreign-key references.

In practice

Topics

Best for: Research Scientist, AI Scientist, Machine Learning Engineer, AI Security Engineer

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Machine Learning.