Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective

DOI 1 Citations
  • Kaidi Xu
    Electrical & Computer Engineering, Northeastern University, Boston, USA
  • Hongge Chen
    Electrical Engineering & Computer Science, Massachusetts Institute of Technology, Cambridge, USA
  • Sijia Liu
    MIT-IBM Watson AI Lab, IBM Research
  • Pin-Yu Chen
    MIT-IBM Watson AI Lab, IBM Research
  • Tsui-Wei Weng
    Electrical Engineering & Computer Science, Massachusetts Institute of Technology, Cambridge, USA
  • Mingyi Hong
    Electrical & Computer Engineering, University of Minnesota, Minneapolis, USA
  • Xue Lin
    Electrical & Computer Engineering, Northeastern University, Boston, USA

Description

<jats:p>Graph neural networks (GNNs) which apply the deep neural networks to graph data have achieved significant performance for the task of semi-supervised node classification. However, only few work has addressed the adversarial robustness of GNNs. In this paper, we first present a novel gradient-based attack method that facilitates the difficulty of tackling discrete graph data. When comparing to current adversarial attacks on GNNs, the results show that by only perturbing a small number of edge perturbations, including addition and deletion, our optimization-based attack can lead to a noticeable decrease in classification performance. Moreover, leveraging our gradient-based attack, we propose the first optimization-based adversarial training for GNNs. Our method yields higher robustness against both different gradient based and greedy attack methods without sacrifice classification accuracy on original graph.</jats:p>

Journal

Citations (1)*help

See more

Details 詳細情報について

Report a problem

Back to top