To address the insufficient robustness of heterogeneous graph node classification models under adversarial attacks, this paper proposes HeteroKRLAttack—the first black-box, target-oriented adversarial attack method specifically designed for heterogeneous graphs. HeteroKRLAttack innovatively integrates a Top-K pruning mechanism into a Proximal Policy Optimization (PPO) reinforcement learning framework, enabling efficient structural perturbation search within a constrained action space. It leverages meta-path modeling and gradient-free policy optimization while significantly compressing the high-dimensional discrete action space to enhance both attack efficiency and success rate. Extensive experiments on multiple heterogeneous graph benchmarks show that HeteroKRLAttack reduces the target model’s accuracy by an average of 32.7%. Ablation studies confirm that the Top-K module alone contributes a 19.4% improvement in attack success rate, underscoring its critical role in the overall framework.

Graph Neural Networks (GNNs) have attracted substantial interest due to their exceptional performance on graph-based data. However, their robustness, especially on heterogeneous graphs, remains underexplored, particularly against adversarial attacks. This paper proposes HeteroKRLAttack, a targeted evasion black-box attack method for heterogeneous graphs. By integrating reinforcement learning with a Top-K algorithm to reduce the action space, our method efficiently identifies effective attack strategies to disrupt node classification tasks. We validate the effectiveness of HeteroKRLAttack through experiments on multiple heterogeneous graph datasets, showing significant reductions in classification accuracy compared to baseline methods. An ablation study underscores the critical role of the Top-K algorithm in enhancing attack performance. Our findings highlight potential vulnerabilities in current models and provide guidance for future defense strategies against adversarial attacks on heterogeneous graphs.