On the Adversarial Robustness of Graph Neural Networks with Graph Reduction
This addresses the vulnerability of scalable GNN systems to adversarial attacks, providing practical insights for robust design, though it is an incremental empirical study.
This paper investigates how graph reduction techniques affect the adversarial robustness of Graph Neural Networks, finding that sparsification can mitigate some poisoning attacks while coarsening amplifies adversarial impact and reduces classification accuracy significantly with higher reduction ratios.
As Graph Neural Networks (GNNs) become increasingly popular for learning from large-scale graph data across various domains, their susceptibility to adversarial attacks when using graph reduction techniques for scalability remains underexplored. In this paper, we present an extensive empirical study to investigate the impact of graph reduction techniques, specifically graph coarsening and sparsification, on the robustness of GNNs against adversarial attacks. Through extensive experiments involving multiple datasets and GNN architectures, we examine the effects of four sparsification and six coarsening methods on the poisoning attacks. Our results indicate that, while graph sparsification can mitigate the effectiveness of certain poisoning attacks, such as Mettack, it has limited impact on others, like PGD. Conversely, graph coarsening tends to amplify the adversarial impact, significantly reducing classification accuracy as the reduction ratio decreases. Additionally, we provide a novel analysis of the causes driving these effects and examine how defensive GNN models perform under graph reduction, offering practical insights for designing robust GNNs within graph acceleration systems.