Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective

TL;DR

This paper introduces a novel gradient-based attack method on GNNs and proposes an optimization-based adversarial training approach, significantly improving robustness against various attacks while maintaining accuracy.

Contribution

It presents the first optimization-based adversarial training method for GNNs, enhancing their robustness against gradient-based and greedy attacks.

Findings

Small edge perturbations drastically reduce GNN performance.

The proposed attack outperforms existing methods in effectiveness.

Adversarial training improves GNN robustness without accuracy loss.

Abstract

Graph neural networks (GNNs) which apply the deep neural networks to graph data have achieved significant performance for the task of semi-supervised node classification. However, only few work has addressed the adversarial robustness of GNNs. In this paper, we first present a novel gradient-based attack method that facilitates the difficulty of tackling discrete graph data. When comparing to current adversarial attacks on GNNs, the results show that by only perturbing a small number of edge perturbations, including addition and deletion, our optimization-based attack can lead to a noticeable decrease in classification performance. Moreover, leveraging our gradient-based attack, we propose the first optimization-based adversarial training for GNNs. Our method yields higher robustness against both different gradient based and greedy attack methods without sacrificing classification accuracy on original graph.