Fixed-point graph convolutional networks against adversarial attacks

TL;DR

This paper introduces Fix-GCN, a novel graph neural network model that enhances robustness against adversarial attacks by capturing higher-order neighborhood information through fixed-point iteration and spectral filtering.

Contribution

The paper proposes a flexible, efficient fixed-point iterative graph convolutional network with spectral filtering to defend against adversarial attacks without extra memory or computational costs.

Findings

Fix-GCN demonstrates increased robustness on benchmark datasets.

The spectral filter effectively attenuates high-frequency adversarial perturbations.

Experimental results show superior performance compared to existing defenses.

Abstract

Adversarial attacks present a significant risk to the integrity and performance of graph neural networks, particularly in tasks where graph structure and node features are vulnerable to manipulation. In this paper, we present a novel model, called fixed-point iterative graph convolutional network (Fix-GCN), which achieves robustness against adversarial perturbations by effectively capturing higher-order node neighborhood information in the graph without additional memory or computational complexity. Specifically, we introduce a versatile spectral modulation filter and derive the feature propagation rule of our model using fixed-point iteration. Unlike traditional defense mechanisms that rely on additional design elements to counteract attacks, the proposed graph filter provides a flexible-pass filtering approach, allowing it to selectively attenuate high-frequency components while preserving low-frequency structural information in the graph signal. By iteratively updating node representations, our model offers a flexible and efficient framework for preserving essential graph information while mitigating the impact of adversarial manipulation. We demonstrate the effectiveness of the proposed model through extensive experiments on various benchmark graph datasets, showcasing its resilience against adversarial attacks.