DShield: Defending against Backdoor Attacks on Graph Neural Networks via Discrepancy Learning
Hao Yu
Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · ML Backdoors
Graph Neural Networks (GNNs) have emerged as powerful tools for analyzing complex relational data, finding widespread application in areas like social networks, bioinformatics, and recommender systems. Their ability to model intricate relationships between nodes and edges makes them highly effective for tasks such as node classification, graph classification, and link prediction. However, this growing reliance on GNNs has also attracted the attention of adversaries, leading to the rise of **backdoor attacks** as a significant threat to GNN-based applications. These attacks manipulate a GNN model's behavior by injecting hidden triggers into the training graph, forcing the model to make incorrect predictions when presented with specific trigger patterns.
AI review
Technically legitimate ML security research with a clear problem statement and a multi-component defense pipeline. The two identified phenomena — semantic drift and attribute overemphasize — are credible observations, and the method of using a self-supervised model as a reference to expose poisoned nodes is reasonably clever. But this is a paper presentation, not a security talk, and the threat model's real-world grounding is thin enough that most practitioners will struggle to connect it to anything they're actually defending.