| CPC G06F 21/64 (2013.01) [G06F 21/32 (2013.01); G06F 21/44 (2013.01); G06F 21/55 (2013.01); G06F 2221/033 (2013.01)] | 17 Claims |
|
1. A method, in a data processing system, for detecting adversarial attacks on graph data structures, the method comprising:
generating, by a first graph fingerprint engine, for a first graph data structure, a first fingerprint data structure based on features extracted from the first graph data structure;
receiving a second graph data structure;
generating, by a second graph fingerprint engine, a second graph fingerprint data structure-based on features extracted from the second graph data structure;
comparing, by an adversarial attack detection engine, the first fingerprint data structure to the second fingerprint data structure to determine whether the first fingerprint data structure matches the second fingerprint data structure; and
in response to the first fingerprint data structure not matching the second fingerprint data structure, outputting, by the adversarial attack detection engine, an output indicating that the second data structure corresponds to an adversarial attack,
wherein the second graph data structure is the same graph data structure as the first graph data structure in response to the second graph data structure not having perturbation differences from the first graph data structure, and wherein the second graph data structure is different from the first graph data structure in response to adversarial perturbations being introduced into the first graph data structure.
|