Multi-Instance Adversarial Attack on GNN-Based Malicious Domain Detection
Mahmoud Nazzal, Issa Khalil, Abdallah Khreishah, NhatHai Phan, Yao Ma
IEEE Symposium on Security and Privacy 2024 · Day 1 · Continental Ballroom 5
This talk, presented by Mahmoud Nazzal, delves into the critical security vulnerabilities of Graph Neural Networks (GNNs) when applied to security-critical tasks, specifically **malicious domain detection (MDD)**. While GNNs have demonstrated state-of-the-art performance across various domains by effectively combining local entity information with relational data, their inherent susceptibility to adversarial attacks poses significant challenges in sensitive applications like cybersecurity. The research introduces **MAA (Multi-Instance Adversarial Attack)**, a novel, stealthy, and practical black-box attack designed to evade the detection of multiple malicious domains simultaneously within a GNN-based MDD system.
AI review
This research introduces MAA, a novel, stealthy black-box attack that simultaneously evades detection of multiple malicious domains in GNN-based MDD systems. By framing the problem as a two-objective optimization at the subgraph level, MAA demonstrates a critical, practical vulnerability in state-of-the-art defenses that requires immediate attention from practitioners.