DefenseVGAE: Defending against Adversarial Attacks on Graph Data via a Variational Graph Autoencoder
This addresses the problem of unreliable GNN outcomes due to adversarial attacks for users in graph-based applications, representing an incremental improvement over prior defense strategies.
The paper tackles the vulnerability of graph neural networks (GNNs) to adversarial structural perturbations by proposing DefenseVGAE, a framework using variational graph autoencoders to reconstruct graph structure and defend against attacks, showing effectiveness in experiments that outperform existing defenses in some settings.
Graph neural networks (GNNs) achieve remarkable performance for tasks on graph data. However, recent works show they are extremely vulnerable to adversarial structural perturbations, making their outcomes unreliable. In this paper, we propose DefenseVGAE, a novel framework leveraging variational graph autoencoders(VGAEs) to defend GNNs against such attacks. DefenseVGAE is trained to reconstruct graph structure. The reconstructed adjacency matrix can reduce the effects of adversarial perturbations and boost the performance of GCNs when facing adversarial attacks. Our experiments on a number of datasets show the effectiveness of the proposed method under various threat models. Under some settings it outperforms existing defense strategies. Our code has been made publicly available at https://github.com/zhangao520/defense-vgae.