search

danielzuegner / nettack

Implementation of the paper "Adversarial Attacks on Neural Networks for Graph Data".
https://www.cs.cit.tum.de/daml/forschung/nettack/
MIT License
218 stars 56 forks source link

Question about surrogate model #15

Closed jujulili888 closed 2 years ago

jujulili888 commented 2 years ago

Hi Daniel, Sorry to bother you. After reading your code, I have a question about the type of the attack. Do the parameters of the surrogate model continue to be updated like training process during an attack? Is that actually a evasion attack?

danielzuegner commented 2 years ago

Hi,

The surrogate model's parameters are not changed during the attack. It's like an evasion attack on the surrogate model, but a poisoning attack on the actual downstream model, which is subsequently trained on the perturbed data.

Hope that helps, let me know if you have more questions.

Best,

Daniel

jujulili888 commented 2 years ago

Hi,

The surrogate model's parameters are not changed during the attack. It's like an evasion attack on the surrogate model, but a poisoning attack on the actual downstream model, which is subsequently trained on the perturbed data.

Hope that helps, let me know if you have more questions.

Best,

Daniel

Thanks for your explanation! Now I got it!