Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in Coakley et alK. L. Coakley, T. Snelleman, H. Hoos, and O. E. Gundersen, "The embrace of open science: An analysis of a decade of AI research and 56 800 conference papers," Under Review, 2026..
Query-Based and Unnoticeable Graph Injection Attack from Neighborhood Perspective
Authors: Chang Liu, Hai Huang, Xingquan Zuo
IJCAI 2025 | Venue PDF | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments on six real-world datasets with diverse characteristics demonstrate that QUGIA achieves unnoticeable attacks and outperforms state-of-the-art attackers. The code can be found at https://github.com/1234238/QUGIA |
| Researcher Affiliation | Academia | Chang Liu , Hai Huang , Xingquan Zuo Beijing University of Posts and Telecommunications EMAIL |
| Pseudocode | Yes | Algorithm 1 QUGIA Input: Graph G = (A, X), target node set Vt, injection node attack budget n, injection node edge budget e, maximum iterations T, Dirichlet parameters, structural selection score |p|, model-predicted label function f(), node labels Y . |
| Open Source Code | Yes | The code can be found at https://github.com/1234238/QUGIA |
| Open Datasets | Yes | We evaluate our approach on six datasets, covering both discrete and continuous features. The discrete datasets include Cora and Citeseer [Yang et al., 2016], while the continuous datasets comprise Pubmed [Sen et al., 2008], the GRBredefined versions of Cora and Citeseer [Zheng et al., 2021], and the ar Xiv dataset from OGB [Hu et al., 2020]. |
| Dataset Splits | Yes | In this paper, we focus on the semi-supervised node classification task. The nodes used during training are denoted as Vtrain. For each node u in Vtrain, there is a corresponding label yu YL, where YL Y and Y = {1, 2, . . . , C}. YL represents the set of labeled nodes. During the testing phase, the trained GNN model predicts the labels of the nodes in Vtest = V \ Vtrain based on the subgraph Gtest. ... We adopt a data-splitting strategy similar to those used in prior studies [Chen et al., 2022; Zheng et al., 2021]. |
| Hardware Specification | No | The paper does not provide specific hardware details (e.g., exact GPU/CPU models, processor types, or memory amounts) used for running its experiments. |
| Software Dependencies | No | The paper does not provide specific ancillary software details (e.g., library or solver names with version numbers) needed to replicate the experiment. |
| Experiment Setup | Yes | Here, γ represents the confidence score of Latk. A higher γ implies a stronger attack effect but results in a greater distance from the decision boundary. To ensure the attack remains as close to the decision boundary as possible, we set γ = 0.05. ... The number of inserted nodes is defined as |VI| = a|V |, where a represents the percentage of the total number of nodes in the clean graph. To evaluate the performance of various attack methods under different attack constraints, we set a to 1%, 3%, and 5%. ... All attack methods were executed using five different random seeds, and we report both the mean and variance of the results across these five runs. |