Benchmarking Backdoor Attacks on Graph Convolution Neural Networks: A Comprehensive Analysis of Poisoning Techniques

Rupesh Raj Karn; Ozgur Sinanoglu

doi:10.1007/978-3-031-80408-3_10

Benchmarking Backdoor Attacks on Graph Convolution Neural Networks: A Comprehensive Analysis of Poisoning Techniques

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This paper presents a first-of-its-kind systematic analysis of various backdoor attacks on Graph Convolution Neural Networks (GCNNs). By implementing a wide range of backdoor attack strategies, including trigger node injection, edge modification, feature poisoning, subgraph manipulation, etc., we evaluate the degradation in classification accuracy for target classes and assess the collateral impact on non-target class predictions. Using the widely established Cora and Amazon Co-purchase Network datasets, we provide important case studies and reference points for both attackers and security defenders, sharing essential insights into the severity of each attack method. Our findings highlight the vulnerability of GCNNs to different types of backdoor attacks, underscoring the need for robust defense mechanisms. This work aims to serve as a first-of-its-kind reference for future research in developing and evaluating security measures for GCNNs and GNNs in general.

Original language	English (US)
Title of host publication	Security, Privacy, and Applied Cryptography Engineering - 14th International Conference, SPACE 2024, Proceedings
Editors	Johann Knechtel, Urbi Chatterjee, Domenic Forte
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	149-174
Number of pages	26
ISBN (Print)	9783031804076
DOIs	https://doi.org/10.1007/978-3-031-80408-3_10
State	Published - 2025
Event	14th International Conference on Security, Privacy and Applied Cryptographic Engineering, SPACE 2024 - Kottayam, India Duration: Dec 14 2024 → Dec 17 2024

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	15351 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	14th International Conference on Security, Privacy and Applied Cryptographic Engineering, SPACE 2024
Country/Territory	India
City	Kottayam
Period	12/14/24 → 12/17/24

Keywords

Backdoor Attack
Benchmark
Graph Convolution Neural Networks
Poisoning
Target Label
Trigger Class

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-031-80408-3_10

Cite this

Karn, R. R., & Sinanoglu, O. (2025). Benchmarking Backdoor Attacks on Graph Convolution Neural Networks: A Comprehensive Analysis of Poisoning Techniques. In J. Knechtel, U. Chatterjee, & D. Forte (Eds.), Security, Privacy, and Applied Cryptography Engineering - 14th International Conference, SPACE 2024, Proceedings (pp. 149-174). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 15351 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-80408-3_10

Benchmarking Backdoor Attacks on Graph Convolution Neural Networks: A Comprehensive Analysis of Poisoning Techniques. / Karn, Rupesh Raj; Sinanoglu, Ozgur.
Security, Privacy, and Applied Cryptography Engineering - 14th International Conference, SPACE 2024, Proceedings. ed. / Johann Knechtel; Urbi Chatterjee; Domenic Forte. Springer Science and Business Media Deutschland GmbH, 2025. p. 149-174 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 15351 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Karn, RR & Sinanoglu, O 2025, Benchmarking Backdoor Attacks on Graph Convolution Neural Networks: A Comprehensive Analysis of Poisoning Techniques. in J Knechtel, U Chatterjee & D Forte (eds), Security, Privacy, and Applied Cryptography Engineering - 14th International Conference, SPACE 2024, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 15351 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 149-174, 14th International Conference on Security, Privacy and Applied Cryptographic Engineering, SPACE 2024, Kottayam, India, 12/14/24. https://doi.org/10.1007/978-3-031-80408-3_10

Karn RR, Sinanoglu O. Benchmarking Backdoor Attacks on Graph Convolution Neural Networks: A Comprehensive Analysis of Poisoning Techniques. In Knechtel J, Chatterjee U, Forte D, editors, Security, Privacy, and Applied Cryptography Engineering - 14th International Conference, SPACE 2024, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 149-174. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-80408-3_10

Karn, Rupesh Raj ; Sinanoglu, Ozgur. / Benchmarking Backdoor Attacks on Graph Convolution Neural Networks : A Comprehensive Analysis of Poisoning Techniques. Security, Privacy, and Applied Cryptography Engineering - 14th International Conference, SPACE 2024, Proceedings. editor / Johann Knechtel ; Urbi Chatterjee ; Domenic Forte. Springer Science and Business Media Deutschland GmbH, 2025. pp. 149-174 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{3d9d4c86e5cf4fc993ff430be389a557,

title = "Benchmarking Backdoor Attacks on Graph Convolution Neural Networks: A Comprehensive Analysis of Poisoning Techniques",

abstract = "This paper presents a first-of-its-kind systematic analysis of various backdoor attacks on Graph Convolution Neural Networks (GCNNs). By implementing a wide range of backdoor attack strategies, including trigger node injection, edge modification, feature poisoning, subgraph manipulation, etc., we evaluate the degradation in classification accuracy for target classes and assess the collateral impact on non-target class predictions. Using the widely established Cora and Amazon Co-purchase Network datasets, we provide important case studies and reference points for both attackers and security defenders, sharing essential insights into the severity of each attack method. Our findings highlight the vulnerability of GCNNs to different types of backdoor attacks, underscoring the need for robust defense mechanisms. This work aims to serve as a first-of-its-kind reference for future research in developing and evaluating security measures for GCNNs and GNNs in general.",

keywords = "Backdoor Attack, Benchmark, Graph Convolution Neural Networks, Poisoning, Target Label, Trigger Class",

author = "Karn, {Rupesh Raj} and Ozgur Sinanoglu",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.; 14th International Conference on Security, Privacy and Applied Cryptographic Engineering, SPACE 2024 ; Conference date: 14-12-2024 Through 17-12-2024",

year = "2025",

doi = "10.1007/978-3-031-80408-3_10",

language = "English (US)",

isbn = "9783031804076",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "149--174",

editor = "Johann Knechtel and Urbi Chatterjee and Domenic Forte",

booktitle = "Security, Privacy, and Applied Cryptography Engineering - 14th International Conference, SPACE 2024, Proceedings",

address = "Germany",

}

TY - GEN

T1 - Benchmarking Backdoor Attacks on Graph Convolution Neural Networks

T2 - 14th International Conference on Security, Privacy and Applied Cryptographic Engineering, SPACE 2024

AU - Karn, Rupesh Raj

AU - Sinanoglu, Ozgur

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

PY - 2025

Y1 - 2025

N2 - This paper presents a first-of-its-kind systematic analysis of various backdoor attacks on Graph Convolution Neural Networks (GCNNs). By implementing a wide range of backdoor attack strategies, including trigger node injection, edge modification, feature poisoning, subgraph manipulation, etc., we evaluate the degradation in classification accuracy for target classes and assess the collateral impact on non-target class predictions. Using the widely established Cora and Amazon Co-purchase Network datasets, we provide important case studies and reference points for both attackers and security defenders, sharing essential insights into the severity of each attack method. Our findings highlight the vulnerability of GCNNs to different types of backdoor attacks, underscoring the need for robust defense mechanisms. This work aims to serve as a first-of-its-kind reference for future research in developing and evaluating security measures for GCNNs and GNNs in general.

AB - This paper presents a first-of-its-kind systematic analysis of various backdoor attacks on Graph Convolution Neural Networks (GCNNs). By implementing a wide range of backdoor attack strategies, including trigger node injection, edge modification, feature poisoning, subgraph manipulation, etc., we evaluate the degradation in classification accuracy for target classes and assess the collateral impact on non-target class predictions. Using the widely established Cora and Amazon Co-purchase Network datasets, we provide important case studies and reference points for both attackers and security defenders, sharing essential insights into the severity of each attack method. Our findings highlight the vulnerability of GCNNs to different types of backdoor attacks, underscoring the need for robust defense mechanisms. This work aims to serve as a first-of-its-kind reference for future research in developing and evaluating security measures for GCNNs and GNNs in general.

KW - Backdoor Attack

KW - Benchmark

KW - Graph Convolution Neural Networks

KW - Poisoning

KW - Target Label

KW - Trigger Class

UR - http://www.scopus.com/inward/record.url?scp=85213365153&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85213365153&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-80408-3_10

DO - 10.1007/978-3-031-80408-3_10

M3 - Conference contribution

AN - SCOPUS:85213365153

SN - 9783031804076

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 149

EP - 174

BT - Security, Privacy, and Applied Cryptography Engineering - 14th International Conference, SPACE 2024, Proceedings

A2 - Knechtel, Johann

A2 - Chatterjee, Urbi

A2 - Forte, Domenic

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 14 December 2024 through 17 December 2024

ER -