Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective
This addresses the adversarial vulnerability of GNNs, which is crucial for applications relying on graph data, though it is incremental as it builds on existing attack and defense concepts.
The authors tackled the problem of adversarial robustness in Graph Neural Networks (GNNs) by developing a gradient-based attack method that perturbs edges, resulting in a noticeable decrease in classification performance with only a small number of edge perturbations, and they proposed an optimization-based adversarial training method that yields higher robustness against attacks without sacrificing accuracy on the original graph.
Graph neural networks (GNNs) which apply the deep neural networks to graph data have achieved significant performance for the task of semi-supervised node classification. However, only few work has addressed the adversarial robustness of GNNs. In this paper, we first present a novel gradient-based attack method that facilitates the difficulty of tackling discrete graph data. When comparing to current adversarial attacks on GNNs, the results show that by only perturbing a small number of edge perturbations, including addition and deletion, our optimization-based attack can lead to a noticeable decrease in classification performance. Moreover, leveraging our gradient-based attack, we propose the first optimization-based adversarial training for GNNs. Our method yields higher robustness against both different gradient based and greedy attack methods without sacrificing classification accuracy on original graph.