Node Copying for Protection Against Graph Neural Network Topology Attacks
This addresses a security vulnerability in graph-based machine learning for applications relying on graph connectivity, but it is incremental as it builds on prior detection methods by focusing on correction.
The paper tackles the problem of adversarial attacks corrupting graph topology to degrade Graph Neural Network classification performance, proposing a node copying algorithm that mitigates this degradation with experimental effectiveness shown on real-world datasets.
Adversarial attacks can affect the performance of existing deep learning models. With the increased interest in graph based machine learning techniques, there have been investigations which suggest that these models are also vulnerable to attacks. In particular, corruptions of the graph topology can degrade the performance of graph based learning algorithms severely. This is due to the fact that the prediction capability of these algorithms relies mostly on the similarity structure imposed by the graph connectivity. Therefore, detecting the location of the corruption and correcting the induced errors becomes crucial. There has been some recent work which tackles the detection problem, however these methods do not address the effect of the attack on the downstream learning task. In this work, we propose an algorithm that uses node copying to mitigate the degradation in classification that is caused by adversarial attacks. The proposed methodology is applied only after the model for the downstream task is trained and the added computation cost scales well for large graphs. Experimental results show the effectiveness of our approach for several real world datasets.