Author ORCID Identifier

0000-0003-3375-0310

Document Type

Dissertation

Date of Award

5-31-2025

Degree Name

Doctor of Philosophy in Computer Engineering - (Ph.D.)

Department

Electrical and Computer Engineering

First Advisor

Abdallah Khreishah

Second Advisor

Issa Khalil

Third Advisor

Tao Han

Fourth Advisor

Hai Nhat Phan

Fifth Advisor

Cong Wang

Abstract

Artificial intelligence (AI) has achieved remarkable performance across various domains. In most real-world applications, data often takes relational forms, such as graphs and networks, or sequential forms, such as text and time series. As AI evolves, specialized models have emerged to handle these structures: Graph Neural Networks (GNNs) for relational mining and Large Language Models (LLMs) for sequential understanding. Despite their success, these models face challenges in security, robustness, and interpretability. GNNs excel in relational reasoning but are vulnerable to adversarial manipulation and lack interpretability, while LLMs are strong in linguistic reasoning and generalization yet struggle with relational data and carry inherent security risks.

This dissertation introduces a unified framework that integrates GNNs and LLMs to address security-critical challenges by combining their complementary strengths. This integration assumes a frozen LLM, eliminating the need for expensive fine-tuning or exposure of internal model parameters, thereby allowing the use of state-of-the-art LLMs. The framework is designed to accommodate diverse data modalities across a wide range of AI applications.

Three core contributions at the intersection of GNNs and LLMs for security-critical applications are proposed. First, the dissertation introduces a novel inference-time, multi-instance adversarial attack to expose vulnerabilities in GNN-based detection systems. By jointly optimizing perturbations across multiple nodes in malicious domain graphs, the attack achieves over 80% evasion success on real-world datasets without access to model internals. This formalizes the notion of multi-instance attacks against GNNs. Second, a GNN-LLM integration is developed for optimizing prompts in LLM-based source code generation. Generative GNNs are used to efficiently navigate the prompt space of frozen LLMs, leading them to generate secure and functional code in large, non-differentiable search spaces where gradient-based methods are inapplicable. The third contribution proposes a predictive GNN that iteratively guides an LLM to generate conversational contexts that enable context-based jailbreaking attacks on LLMs. This reveals a new form of jailbreak attack that targets the context of the interaction rather than the prompt itself, raising critical concerns for LLM safety.

Collectively, these contributions enable secure and robust GNN-LLM integration, improving deployment readiness and guiding future research on AI security with minimal impact on performance.
