GUARD: Graph Universal Adversarial Defense

TL;DR

GUARD is a universal, efficient defense method for GCNs that protects individual nodes from targeted adversarial attacks using a single, node-agnostic defensive patch, significantly enhancing robustness without affecting overall performance.

Contribution

The paper introduces GUARD, a simple, universal defense approach that applies a single patch to protect any node in a GCN from targeted attacks, without modifying network architecture.

Findings

GUARD significantly improves GCN robustness against multiple attacks.

GUARD outperforms state-of-the-art defense methods.

GUARD is fast, easy to implement, and broadly applicable.

Abstract

Graph convolutional networks (GCNs) have been shown to be vulnerable to small adversarial perturbations, which becomes a severe threat and largely limits their applications in security-critical scenarios. To mitigate such a threat, considerable research efforts have been devoted to increasing the robustness of GCNs against adversarial attacks. However, current defense approaches are typically designed to prevent GCNs from untargeted adversarial attacks and focus on overall performance, making it challenging to protect important local nodes from more powerful targeted adversarial attacks. Additionally, a trade-off between robustness and performance is often made in existing research. Such limitations highlight the need for developing an effective and efficient approach that can defend local nodes against targeted attacks, without compromising the overall performance of GCNs. In this work, we present a simple yet effective method, named Graph Universal Adversarial Defense (GUARD). Unlike previous works, GUARD protects each individual node from attacks with a universal defensive patch, which is generated once and can be applied to any node (node-agnostic) in a graph. GUARD is fast, straightforward to implement without any change to network architecture nor any additional parameters, and is broadly applicable to any GCNs. Extensive experiments on four benchmark datasets demonstrate that GUARD significantly improves robustness for several established GCNs against multiple adversarial attacks and outperforms state-of-the-art defense methods by large margins.