Understanding the Robustness of Graph Neural Networks against Adversarial Attacks

TL;DR

This paper presents a large-scale empirical study on the robustness of graph neural networks against adversarial attacks, introducing new evaluation metrics and guidelines for designing more robust models.

Contribution

It is the first comprehensive empirical framework analyzing GNN robustness considering graph patterns, architecture, and capacity, with new metrics and actionable guidelines.

Findings

11 guidelines for robust GNN design

Introduction of confidence-based decision surface metric

Analysis of adversarial transferability in GNNs

Abstract

Recent studies have shown that graph neural networks (GNNs) are vulnerable to adversarial attacks, posing significant challenges to their deployment in safety-critical scenarios. This vulnerability has spurred a growing focus on designing robust GNNs. Despite this interest, current advancements have predominantly relied on empirical trial and error, resulting in a limited understanding of the robustness of GNNs against adversarial attacks. To address this issue, we conduct the first large-scale systematic study on the adversarial robustness of GNNs by considering the patterns of input graphs, the architecture of GNNs, and their model capacity, along with discussions on sensitive neurons and adversarial transferability. This work proposes a comprehensive empirical framework for analyzing the adversarial robustness of GNNs. To support the analysis of adversarial robustness in GNNs, we introduce two evaluation metrics: the confidence-based decision surface and the accuracy-based adversarial transferability rate. Through experimental analysis, we derive 11 actionable guidelines for designing robust GNNs, enabling model developers to gain deeper insights. The code of this study is available at https://github.com/star4455/GraphRE.