Resisting Graph Adversarial Attack via Cooperative Homophilous Augmentation

TL;DR

This paper introduces CHAGNN, a novel defense framework that enhances GNN robustness against Graph Injection Attacks by iteratively reducing heterophily through cooperative homophilous augmentation and pseudo-labeling.

Contribution

The paper proposes a new defense method against GIA that uses cooperative homophilous augmentation and pseudo-labeling, with theoretical analysis and empirical validation.

Findings

CHAGNN significantly improves robustness against GIA.

Theoretical guarantees support the effectiveness of homophilous augmentation.

Experimental results outperform recent defense methods on real datasets.

Abstract

Recent studies show that Graph Neural Networks(GNNs) are vulnerable and easily fooled by small perturbations, which has raised considerable concerns for adapting GNNs in various safety-critical applications. In this work, we focus on the emerging but critical attack, namely, Graph Injection Attack(GIA), in which the adversary poisons the graph by injecting fake nodes instead of modifying existing structures or node attributes. Inspired by findings that the adversarial attacks are related to the increased heterophily on perturbed graphs (the adversary tends to connect dissimilar nodes), we propose a general defense framework CHAGNN against GIA through cooperative homophilous augmentation of graph data and model. Specifically, the model generates pseudo-labels for unlabeled nodes in each round of training to reduce heterophilous edges of nodes with distinct labels. The cleaner graph is fed back to the model, producing more informative pseudo-labels. In such an iterative manner, model robustness is then promisingly enhanced. We present the theoretical analysis of the effect of homophilous augmentation and provide the guarantee of the proposal's validity. Experimental results empirically demonstrate the effectiveness of CHAGNN in comparison with recent state-of-the-art defense methods on diverse real-world datasets.