Knowledge Graph Attacks
T12 · RAG & Knowledge Base Manipulation
Knowledge graphs store information as entity-relationship triples (subject → predicate → object) and support multi-hop reasoning through graph traversal. Attacks target the relational structure itself: injecting false relationships, creating circular references causing infinite traversal, poisoning entity embeddings in graph neural networks, and manipulating graph topology to bias traversal algorithms. The assumption violated is that graph consistency implies correctness — a syntactically valid graph with poisoned relationships produces confident but false answers.
- Graph consistency checking: detect contradictory relationships, cycles, and abnormal topology changes
- Monitor entity degree distributions for sudden changes (hub injection)
- Validate new triples against external reference ontologies
- Observable signal: graph traversal queries returning entities or relationships that didn't exist in previous snapshots
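The snapshot-diff, degree-change and cycle checks from the list above, sketched as an added example (not code from the original page). The triples, the `part_of` hierarchy predicate, the function names and the `min_jump` threshold are all constructed assumptions.

```python
from collections import Counter
# Constructed sample snapshots of (subject, predicate, object) triples.
BASELINE = {
    ("alice", "member_of", "engineering"), ("bob", "member_of", "engineering"),
    ("carol", "member_of", "finance"),
    ("engineering", "part_of", "acme"), ("finance", "part_of", "acme"),
}
CURRENT = BASELINE | {
    ("acme", "part_of", "engineering"),  # constructed: closes a part_of cycle
    ("mallory", "member_of", "engineering"), ("mallory", "member_of", "finance"),
    ("mallory", "administers", "acme"), ("mallory", "administers", "finance"),
}

def degrees(triples):
    """Number of triples each entity takes part in (in-degree + out-degree)."""
    return Counter(e for s, _, o in triples for e in (s, o))

def degree_spikes(old, new, min_jump=3):
    """Entities whose degree grew by at least min_jump between snapshots."""
    before, after = degrees(old), degrees(new)
    return {e: (before[e], after[e]) for e in after if after[e] - before[e] >= min_jump}

def find_cycle(triples, predicate):
    """Return one cycle along `predicate` edges as a node list, or None."""
    adj = {}
    for s, p, o in triples:
        if p == predicate:
            adj.setdefault(s, []).append(o)
    state = {}  # node -> 1 while on the DFS path, 2 once fully explored
    def visit(node, path):
        state[node] = 1
        for nxt in adj.get(node, []):
            if state.get(nxt) == 1:  # back edge: nxt is on the current path
                return path[path.index(nxt):] + [nxt]
            found = None if nxt in state else visit(nxt, path + [nxt])
            if found:
                return found
        state[node] = 2
    for start in sorted(adj):
        cycle = None if start in state else visit(start, [start])
        if cycle:
            return cycle
    return None

def audit(old, new, hierarchy="part_of"):
    """Diff two snapshots and report new triples, degree spikes and a cycle."""
    return {"new_triples": sorted(new - old),
            "degree_spikes": degree_spikes(old, new),
            "cycle": find_cycle(new, hierarchy)}
```

On the constructed data, `audit(BASELINE, CURRENT)` flags `mallory` as a new high-degree entity and reports the `acme → engineering → acme` cycle. The threshold needs tuning against the graph's normal rate of change.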
Knowledge graph attacks feed T8 (Deception) when poisoned graph queries produce false but internally consistent answers. Graph-based authorization manipulation chains to T11 (Agentic Exploitation) when agents make access control decisions based on graph queries.