Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective

Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective

Kaidi Xu, Hongge Chen, Sijia Liu, Pin-Yu Chen, Tsui-Wei Weng, Mingyi Hong, Xue Lin

Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence
Main track. Pages 3961-3967. https://doi.org/10.24963/ijcai.2019/550

Graph neural networks (GNNs) which apply the deep neural networks to graph data have achieved significant performance for the task of semi-supervised node classification. However, only few work has addressed the adversarial robustness of GNNs. In this paper, we first present a novel gradient-based attack method that facilitates the difficulty of tackling discrete graph data. When comparing to current adversarial attacks on GNNs, the results show that by only perturbing a small number of edge perturbations, including addition and deletion, our optimization-based attack can lead to a noticeable decrease in classification performance. Moreover, leveraging our gradient-based attack, we propose the first optimization-based adversarial training for GNNs. Our method yields higher robustness against both different gradient based and greedy attack methods without sacrifice classification accuracy on original graph.
Keywords:
Machine Learning: Adversarial Machine Learning
Machine Learning: Deep Learning
Machine Learning: Semi-Supervised Learning