Are Defenses for Graph Neural Networks Robust?

被引:0
|
作者
Mujkanovic, Felix [1 ,2 ]
Geisler, Simon [1 ,2 ]
Guennemann, Stephan [1 ,2 ]
Bojchevski, Aleksandar [3 ]
机构
[1] Tech Univ Munich, Dept Comp Sci, Munich, Germany
[2] Tech Univ Munich, Munich Data Sci Inst, Munich, Germany
[3] CISPA Helmholtz Ctr Informat Secur, Saarbrucken, Germany
来源
ADVANCES IN NEURAL INFORMATION PROCESSING SYSTEMS 35 (NEURIPS 2022) | 2022年
关键词
D O I
暂无
中图分类号
TP18 [人工智能理论];
学科分类号
081104 ; 0812 ; 0835 ; 1405 ;
摘要
A cursory reading of the literature suggests that we have made a lot of progress in designing effective adversarial defenses for Graph Neural Networks (GNNs). Yet, the standard methodology has a serious flaw - virtually all of the defenses are evaluated against non-adaptive attacks leading to overly optimistic robustness estimates. We perform a thorough robustness analysis of 7 of the most popular defenses spanning the entire spectrum of strategies, i.e., aimed at improving the graph, the architecture, or the training. The results are sobering - most defenses show no or only marginal improvement compared to an undefended baseline. We advocate using custom adaptive attacks as a gold standard and we outline the lessons we learned from successfully designing such attacks. Moreover, our diverse collection of perturbed graphs forms a (black-box) unit test offering a first glance at a model's robustness.(1)
引用
收藏
页数:15
相关论文
共 50 条
  • [11] Robust Knowledge Adaptation for Dynamic Graph Neural Networks
    Li, Hanjie
    Li, Changsheng
    Feng, Kaituo
    Yuan, Ye
    Wang, Guoren
    Zha, Hongyuan
    IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, 2024, 36 (11) : 6920 - 6933
  • [12] Reliable Graph Neural Networks via Robust Aggregation
    Geisler, Simon
    Zuegner, Daniel
    Guennemann, Stephan
    ADVANCES IN NEURAL INFORMATION PROCESSING SYSTEMS 33, NEURIPS 2020, 2020, 33
  • [13] Robust spatial filtering with graph convolutional neural networks
    2017, arXiv
  • [14] Robust Graph Neural Networks via Ensemble Learning
    Lin, Qi
    Yu, Shuo
    Sun, Ke
    Zhao, Wenhong
    Alfarraj, Osama
    Tolba, Amr
    Xia, Feng
    MATHEMATICS, 2022, 10 (08)
  • [15] Robust graph neural networks based on feature fusion
    Jin, Yan
    Shi, Haoyu
    Meng, Huaiye
    JOURNAL OF SUPERCOMPUTING, 2025, 81 (02):
  • [16] Towards Robust Representations of Spatial Networks Using Graph Neural Networks
    Iddianozie, Chidubem
    McArdle, Gavin
    APPLIED SCIENCES-BASEL, 2021, 11 (15):
  • [17] Enhancing Node-Level Adversarial Defenses by Lipschitz Regularization of Graph Neural Networks
    Jia, Yaning
    Zou, Dongmian
    Wang, Hongfei
    Jin, Hai
    PROCEEDINGS OF THE 29TH ACM SIGKDD CONFERENCE ON KNOWLEDGE DISCOVERY AND DATA MINING, KDD 2023, 2023, : 951 - 963
  • [18] Robust Graph Neural Networks via Probabilistic Lipschitz Constraints
    Arghal, Raghu
    Lei, Eric
    Bidokhti, Shirin Saeedi
    LEARNING FOR DYNAMICS AND CONTROL CONFERENCE, VOL 168, 2022, 168
  • [19] DropAGG: Robust Graph Neural Networks via Drop Aggregation
    Jiang, Bo
    Chen, Yong
    Wang, Beibei
    Xu, Haiyun
    Luo, Bin
    NEURAL NETWORKS, 2023, 163 : 65 - 74
  • [20] RoadTagger: Robust Road Attribute Inference with Graph Neural Networks
    He, Songtao
    Bastani, Favyen
    Jagwani, Satvat
    Park, Edward
    Abbar, Sofiane
    Alizadeh, Mohammad
    Balakrishnan, Hari
    Chawla, Sanjay
    Madden, Samuel
    Sadeghi, Mohammad Amin
    THIRTY-FOURTH AAAI CONFERENCE ON ARTIFICIAL INTELLIGENCE, THE THIRTY-SECOND INNOVATIVE APPLICATIONS OF ARTIFICIAL INTELLIGENCE CONFERENCE AND THE TENTH AAAI SYMPOSIUM ON EDUCATIONAL ADVANCES IN ARTIFICIAL INTELLIGENCE, 2020, 34 : 10965 - 10972
12345