Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
119 tokens/sec
GPT-4o
56 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
6 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Adversarial Training for Graph Neural Networks: Pitfalls, Solutions, and New Directions (2306.15427v2)

Published 27 Jun 2023 in cs.LG

Abstract: Despite its success in the image domain, adversarial training did not (yet) stand out as an effective defense for Graph Neural Networks (GNNs) against graph structure perturbations. In the pursuit of fixing adversarial training (1) we show and overcome fundamental theoretical as well as practical limitations of the adopted graph learning setting in prior work; (2) we reveal that more flexible GNNs based on learnable graph diffusion are able to adjust to adversarial perturbations, while the learned message passing scheme is naturally interpretable; (3) we introduce the first attack for structure perturbations that, while targeting multiple nodes at once, is capable of handling global (graph-level) as well as local (node-level) constraints. Including these contributions, we demonstrate that adversarial training is a state-of-the-art defense against adversarial structure perturbations.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (54)
  1. Towards deep learning models resistant to adversarial attacks. In ICLR, 2018.
  2. Topology attack and defense for graph neural networks: An optimization perspective. In IJCAI, 2019.
  3. Towards an efficient and general framework of robust training for graph neural networks. In ICASSP, 2020.
  4. Semi-supervised classification with graph convolutional networks. In ICLR, 2017.
  5. Combining neural networks with personalized pagerank for classification on graphs. In ICLR, 2019.
  6. Revisiting robustness in graph machine learning. In ICLR, 2023.
  7. Adversarial attacks on neural networks for graph data. In KDD, 2018.
  8. Deeper insights into graph convolutional networks for semi-supervised learning. In AAAI, 2018.
  9. Semi-Supervised Learning (Adaptive Computation and Machine Learning). 2006.
  10. Revisiting semi-supervised learning with graph embeddings. In ICML, 2016.
  11. Open graph benchmark: Datasets for machine learning on graphs. In NeurIPS, 2020.
  12. Stephan Günnemann. Graph neural networks: Adversarial robustness. In Graph Neural Networks: Foundations, Frontiers, and Applications. 2022.
  13. Adaptive universal generalized pagerank graph neural network. In ICLR, 2021.
  14. Convolutional neural networks on graphs with chebyshev approximation, revisited. In NeurIPS, 2022.
  15. Analyzing the expressive power of graph neural networks in a spectral perspective. In ICLR, 2021.
  16. W.W. Zachary. An information flow model for conflict and fission in small groups. Journal of Anthropological Research, 1977.
  17. Robustness of graph neural networks at scale. In NeurIPS, 2021.
  18. Intriguing properties of neural networks. In ICLR, 2014.
  19. Analyzing data-centric properties for graph contrastive learning. In NeurIPS, 2022.
  20. First-order methods for constrained optimization. In Optimization for Data Analysis. 2022.
  21. Knapsack Problems. 2004.
  22. Wild patterns: Ten years after the rise of adversarial machine learning. In ACM SIGSAC Conference on Computer and Communications Security, 2018.
  23. Deep gaussian embedding of graphs: Unsupervised inductive learning via ranking. In ICLR, 2018.
  24. Collective classification in network data. AI Magazine, 2008.
  25. Wiki-cs: A wikipedia-based benchmark for graph neural networks. arXiv:2007.02901, 2020.
  26. Benchmarking graph neural networks, 2022.
  27. A critical look at the evaluation of GNNs under heterophily: Are we really making progress? In ICLR, 2023.
  28. Contextual stochastic block models. NeurIPS, 2018.
  29. Graph attention networks. In ICLR, 2018.
  30. Graph random neural networks for semi-supervised learning on graphs. In NeurIPS, 2020.
  31. Are defenses for graph neural networks robust? In NeurIPS, 2022.
  32. Efficient robustness certificates for discrete data: Sparsity-aware randomized smoothing for graphs, images and more. In ICML, 2020.
  33. Stability properties of graph neural networks. IEEE Trans. Signal Process., 2020.
  34. Batch virtual adversarial training for graph convolutional networks. In arXiv:1902.09192, 2019.
  35. Graph adversarial training: Dynamically regularizing based on graph structure. IEEE Transactions on Knowledge and Data Engineering, 2019.
  36. Latent adversarial training of graph convolution networks. In ICML Workshop on Learning and Reasoning with Graph-Structured Data, 2019.
  37. Smoothing adversarial training for gnn. IEEE Transactions on Computational Social Systems, 2021.
  38. Spectral adversarial training for robust graph neural network. In TKDE, 2022.
  39. Learning robust representation through graph adversarial contrastive learning. In Database Systems for Advanced Applications. 2022.
  40. Graph robustness benchmark: Benchmarking the adversarial robustness of graph machine learning. NeurIPS, 2021.
  41. Randomized message-interception smoothing: Gray-box certificates for graph neural networks. In NeurIPS, 2022.
  42. Hiding individuals and communities in a social network. Nature Human Behaviour, 2, 2018.
  43. Certifiable robustness to graph perturbations. In Hanna M. Wallach, Hugo Larochelle, Alina Beygelzimer, Florence d’Alché-Buc, Emily B. Fox, and Roman Garnett, editors, NeurIPS, 2019.
  44. Certifiable robustness of graph convolutional networks under structure perturbations. In Rajesh Gupta, Yan Liu, Jiliang Tang, and B. Aditya Prakash, editors, KDD, 2020.
  45. Collective robustness certificates: Exploiting interdependence in graph neural networks. In ICLR, 2021.
  46. Reliable graph neural networks via robust aggregation. In NeurIPS, 2020.
  47. Adversarial attacks on graph neural networks via meta learning. In ICLR, 2019.
  48. Robust graph convolutional networks against adversarial attacks. In KDD, 2019.
  49. Adversarial attack on graph structured data. In ICML, 2018.
  50. All you need is low (rank): Defending against adversarial attacks on graphs. In WSDM, 2020.
  51. Adversarial examples for graph data: Deep insights into attack and defense. In IJCAI, 2019.
  52. Gnnguard: Defending graph neural networks against adversarial attacks. In NeurIPS, 2020.
  53. Understanding and improving graph injection attack by promoting unnoticeability. In ICLR, 2022.
  54. Generalization of neural combinatorial solvers through the lens of adversarial robustness. In ICLR, 2022.
User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (6)
  1. Lukas Gosch (8 papers)
  2. Simon Geisler (24 papers)
  3. Daniel Sturm (3 papers)
  4. Bertrand Charpentier (21 papers)
  5. Daniel Zügner (23 papers)
  6. Stephan Günnemann (169 papers)
Citations (15)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now