Core Concepts
The author proposes a self-guided GSR framework to enhance robustness against adversarial attacks by utilizing a clean sub-graph and addressing technical challenges. The approach outperforms existing methods under various attack scenarios.
Abstract
The paper introduces SG-GSR, a novel framework for defending against adversarial attacks on graph neural networks. It addresses limitations of existing methods by extracting a clean sub-graph and implementing graph augmentation and group-training strategies. Experimental results demonstrate the effectiveness of SG-GSR across different attack scenarios, including non-targeted attacks, targeted attacks, feature attacks, e-commerce fraud, and noisy node labels.
Recent studies have highlighted the vulnerability of GNNs to adversarial attacks, emphasizing the need for robust defense mechanisms. Existing GSR methods are limited by assumptions like clean node features and moderate structural attacks. The proposed SG-GSR framework aims to overcome these limitations by leveraging a clean sub-graph found within the attacked graph itself.
The key contributions of the paper include discovering narrow assumptions in existing GSR methods that limit their real-world applicability, introducing SG-GSR as a solution that extracts a clean sub-graph while addressing technical challenges, and demonstrating superior performance in node classification under various attack scenarios.
Stats
Recent studies have revealed that GNNs are vulnerable to adversarial attacks.
Extensive experiments demonstrate the effectiveness of SG-GSR under various scenarios.
Fig. 1(a) demonstrates the performance drop of feature-based GSR methods under noisy or attacked node features.
Fig. 1(b) shows the performance drop of multi-faceted methods as perturbation ratio increases.
PA-GNN employs external clean graphs obtained from similar domains as proxy structures.
The proposed method consists of three steps: extracting a confidently clean sub-graph, training a robust GSR module based on it, and refining the target attacked graph.
Quotes
"We propose a self-guided GSR framework (SG-GSR), which utilizes a clean sub-graph found within the given attacked graph itself."
"Our code is available at https://github.com/yeonjun-in/torch-SG-GSR."