We are very excited to announce the acceptance of our most recent work, “Attacking Graph Neural Networks with Bit Flips: Weisfeiler and Leman Go Indifferent” at ACM SIGKDD 2024 in Barcelona, Spain!

In this work, we explore Graph Neural Network (GNN) expressivity as a potential security vulnerability that can be exploited by attackers using gradient-based bit-search methods. We propose the first bit flip attack specifically designed for GNNs, which targets the learnable neighborhood aggregation functions used in message passing, degrading the ability of GNNs to distinguish graph structures. We illustrate that with our dedicated attack, GNNs can be degraded much faster than by bit flip attacks ported from Convolutional Neural Networks (CNNs).

In subsequent research, we plan to further explore the theoretical properties which increase or decrease susceptibility of GNNs to this type of attack and intend to design novel methods to increase GNN robustness.