Robustness Inspired Graph Backdoor Defense
This work addresses a critical security problem for GNN users in real-world applications, offering a defense against various types of graph backdoor attacks, though it is incremental as it builds on existing defense efforts.
The paper tackles the vulnerability of Graph Neural Networks (GNNs) to diverse backdoor attacks by proposing a defense framework that uses random edge dropping to detect poisoned nodes and a robust training strategy to mitigate attacks, achieving significant reductions in attack success rates while maintaining clean accuracy in experiments on real-world datasets.
Graph Neural Networks (GNNs) have achieved promising results in tasks such as node classification and graph classification. However, recent studies reveal that GNNs are vulnerable to backdoor attacks, posing a significant threat to their real-world adoption. Despite initial efforts to defend against specific graph backdoor attacks, there is no work on defending against various types of backdoor attacks where generated triggers have different properties. Hence, we first empirically verify that prediction variance under edge dropping is a crucial indicator for identifying poisoned nodes. With this observation, we propose using random edge dropping to detect backdoors and theoretically show that it can efficiently distinguish poisoned nodes from clean ones. Furthermore, we introduce a novel robust training strategy to efficiently counteract the impact of the triggers. Extensive experiments on real-world datasets show that our framework can effectively identify poisoned nodes, significantly degrade the attack success rate, and maintain clean accuracy when defending against various types of graph backdoor attacks with different properties.