This repository contains Attack-related papers, Defense-related papers, Robustness Certification papers, etc., ranging from 2017 to 2021.
If you find this repo useful, please cite:
A Survey of Adversarial Learning on Graph, Arxiv'20, Link
@article{chen2020survey,
title={A Survey of Adversarial Learning on Graph},
author={Chen, Liang and Li, Jintang and Peng, Jiaying and Xie, Tao and Cao, Zengxu and Xu, Kun and He, Xiangnan and Zheng, Zibin},
journal={arXiv preprint arXiv:2003.05730},
year={2020}
}
Attacking Graph Neural Networks at Scale 📝AAAI workshop
Node-Level Membership Inference Attacks Against Graph Neural Networks 📝Arxiv
Reinforcement Learning For Data Poisoning on Graph Neural Networks 📝Arxiv
VIKING: Adversarial Attack on Network Embeddings via Supervised Network Poisoning 📝PAKDD Code
DeHiB: Deep Hidden Backdoor Attack on Semi-Supervised Learning via Adversarial Perturbation 📝AAAI
Graphfool: Targeted Label Adversarial Attack on Graph Embedding 📝Arxiv
Towards Revealing Parallel Adversarial Attack on Politician Socialnet of Graph Structure 📝Security and Communication Networks
Network Embedding Attack: An Euclidean Distance Based Method 📝MDATA
Preserve, Promote, or Attack? GNN Explanation via Topology Perturbation 📝Arxiv
2020
Adversarial Attack on Community Detection by Hiding Individuals 📝WWW Code
Model
CD-ATTACK
Algorithm
Graph generation
Surrogate
GCN
Target Task
Community Detection
Target Model
GCN, Node2vec + K-means, ComE
Baseline
DICE, MBA, RTA
Metric
Hiding performance measure M1 & M2
Dataset
DBLP, Finance
Manipulating Node Similarity Measures in Networks 📝AAMAS
Model
FPTA
Algorithm
Surrogate
Target Task
Node Similarity
Target Model
Node Similarity Measures
Baseline
Random, Greedy, High Jaccard Similarity (HJ)
Metric
Time
Dataset
Barabasi-Albert (BA), Erdos-Renyi (ER)
A Restricted Black-box Adversarial Framework Towards Attacking Graph Embedding Models 📝AAAI Code
Model
GF-Attack
Algorithm
Graph signal processing
Surrogate
Target Task
Node Classification
Target Model
GCN, SGC, DeepWalk, LINE
Baseline
Random, Degree, RL-S2V,
Metric
Accuracy
Dataset
Cora, CiteSeer, Pubmed
Indirect Adversarial Attacks via Poisoning Neighbors for Graph Convolutional Networks 📝BigData
Model
POISONPROBE
Algorithm
Binary search
Surrogate
GCN
Target Task
Node Classification
Target Model
GCN
Baseline
Nettack
Metric
ASR, Recall
Dataset
CiteSeer, Cora-ML
Non-target-specific Node Injection Attacks on Graph Neural Networks: A Hierarchical Reinforcement Learning Approach 📝WWW
Model
NIPA
Algorithm
Reinforcement learning, Nodes injection
Surrogate
GCN
Target Task
Node Classification
Target Model
GCN
Baseline
Random, FGA, Preferential attack
Metric
Accuracy
Dataset
Cora-ML, CiteSeer, Pubmed
Adversarial Attacks on Graph Neural Networks: Perturbations and their Patterns 📝TKDD
Model
Fasttack
Algorithm
Perturbations Impact Ranking
Surrogate
GCN
Target Task
Node Classification
Target Model
GCN, CLN, DeepWalk
Baseline
Random, FGSM
Metric
Classification Margin, Accuracy
Dataset
Cora-ML, CiteSeer, Polblogs, Pubmed
An Efficient Adversarial Attack on Graph Structured Data 📝IJCAI Workshop
Model
Algorithm
Surrogate
Target Task
Target Model
Baseline
Metric
Dataset
Practical Adversarial Attacks on Graph Neural Networks 📝ICML Workshop
Model
GC-RWCS
Algorithm
Greedy
Surrogate
Target Task
Node Classification
Target Model
GCN, JKNetConcat, JKNetMaxpool
Baseline
Random, Degree, Betweenness, PageRank
Metric
Accuracy
Dataset
Cora, CiteSeer, Pubmed
Link Prediction Adversarial Attack Via Iterative Gradient Attack 📝IEEE Trans
Model
IGA
Algorithm
Gradient
Surrogate
GAE
Target Task
Link Prediction
Target Model
GAE, LRW, DeepWalk, Node2vec, CN, RA, Katz
Baseline
RAN, DICE, GA
Metric
ASR, AML
Dataset
NS, Yeast, FaceBook
Adversarial Attacks on Link Prediction Algorithms Based on Graph Neural Networks 📝Asia CCS
Model
GGSP, OGSP
Algorithm
Greedy
Surrogate
Target Task
Link Prediction
Target Model
SEAL
Baseline
Metric
ASR, AUC
Dataset
Cora-ML, CiteSeer, Pubmed
Adversarial attack on BC classification for scale-free networks 📝AIP Chaos
Model
DALR, DILR
Algorithm
Degree
Surrogate
Target Task
Network Structure
Target Model
Broido and Clauset Classification
Baseline
RLR
Metric
Accuracy
Dataset
Networks generated by BA and UCM
Attackability Characterization of Adversarial Evasion Attack on Discrete Data 📝KDD
Efficient Evasion Attacks to Graph Neural Networks via Influence Function 📝Arxiv
Model
Influence-based Attack
Algorithm
Influence Function
Surrogate
Target Task
Node Classification
Target Model
GCN, SGC
Baseline
OTA-KL, OTA-UL, Iter-KL, Iter-UL
Metric
ASR, Running Time
Dataset
Cora, CiteSeer, Pubmed
Reinforcement Learning-based Black-Box Evasion Attacks to Link Prediction in Dynamic Graphs 📝Arxiv
Model
RL-based Attack
Algorithm
Reinforcement Learning
Surrogate
Target Task
Link Prediction
Target Model
DyGCN
Baseline
Random-whole, Random-partial
Metric
F1
Dataset
Haggle, Hypertext, Trapping
Semantic-preserving Reinforcement Learning Attack Against Graph Neural Networks for Malware Detection 📝Arxiv
Adaptive Adversarial Attack on Graph Embedding via GAN 📝SocialSec
Scalable Adversarial Attack on Graph Neural Networks with Alternating Direction Method of Multipliers 📝Arxiv
One Vertex Attack on Graph Neural Networks-based Spatiotemporal Forecasting 📝ICLR OpenReview
Single-Node Attack for Fooling Graph Neural Networks 📝ICLR OpenReview
Black-Box Adversarial Attacks on Graph Neural Networks as An Influence Maximization Problem 📝ICLR OpenReview
Adversarial Attacks on Deep Graph Matching 📝NeurIPS
Black-Box Adversarial Attacks on Graph Neural Networks with Limited Node Access 📝NeurIPS
A Graph Matching Attack on Privacy-Preserving Record Linkage 📝CIKM
Cross Entropy Attack on Deep Graph Infomax 📝IEEE ISCAS
Model Extraction Attacks on Graph Neural Networks: Taxonomy and Realization 📝Arxiv
Learning to Deceive Knowledge Graph Augmented Models via Targeted Perturbation 📝ICLR Code
Towards More Practical Adversarial Attacks on Graph Neural Networks 📝NeurIPS Code
Adversarial Label-Flipping Attack and Defense for Graph Neural Networks 📝ICDM Code
Exploratory Adversarial Attacks on Graph Neural Networks 📝ICDM Code
Attacking Graph-Based Classification without Changing Existing Connections 📝ACSAC
A Targeted Universal Attack on Graph Convolutional Network 📝Arxiv Code
Query-free Black-box Adversarial Attacks on Graphs 📝Arxiv
2019
A Unified Framework for Data Poisoning Attack to Graph-based Semi-supervised Learning 📝NeurIPS Code
Model
G-SSL
Algorithm
Gradient based asymptotic linear algorithm
Surrogate
Target Task
Classification, Regression
Target Model
Label propagation & regularization algs
Baseline
Random, PageRank, Degree
Metric
Error rate, RMSE
Dataset
cadata, E2006, mnist17, rcv1
Adversarial Examples on Graph Data: Deep Insights into Attack and Defense 📝IJCAI Code
Model
IG-FGSM, IG-JSMA
Algorithm
Gradient
Surrogate
GCN
Target Task
Node Classification
Target Model
GCN
Baseline
FGSM, JSMA, Nettack
Metric
Classification Margin, Accuracy
Dataset
Cora, CiteSeer, PolBlogs
Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective 📝IJCAI Code
Model
PGD, Min-Max
Algorithm
Gradient
Surrogate
GCN
Target Task
Node Classification
Target Model
GCN
Baseline
DICE, Metattack, Greedy
Metric
Misclassification Rate
Dataset
Cora, CiteSeer
Adversarial Attacks on Graph Neural Networks via Meta Learning 📝ICLR Code
Model
Metattack
Algorithm
Gradient
Surrogate
GCN
Target Task
Node Classification
Target Model
GCN, CLN, DeepWalk
Baseline
DICE, Nettack, First-order
Metric
Misclassification Rate, Accuracy
Dataset
Cora, CiteSeer, PolBlogs, PubMed
αCyber: Enhancing Robustness of Android Malware Detection System against Adversarial Attacks on Heterogeneous Graph based Model 📝CIKM
Model
HG-Attack
Algorithm
Label propagation algorithm, Nodes injection
Surrogate
Target Task
Malware Detection
Target Model
Orig-HGC
Baseline
AN-Attack
Metric
TP, TN, FP, FN, F1, Precision, Recall, Accuracy
Dataset
Tencent Security Lab Dataset
Data Poisoning Attack against Knowledge Graph Embedding 📝IJCAI
Adversarial Attacks on Node Embeddings via Graph Poisoning 📝ICML Code
Model
Algorithm
Gradient & Eigen-perturbation
Surrogate
DeepWalk
Target Task
Node Classification, Link Prediction
Target Model
DeepWalk
Baseline
Metric
F1 Score, Classification Margin
Dataset
Cora, CiteSeer, PolBlogs
Network Structural Vulnerability A Multi-Objective Attacker Perspective 📝IEEE Trans
Multiscale Evolutionary Perturbation Attack on Community Detection 📝Arxiv
Model
EPA
Algorithm
Genetic algorithm
Surrogate
Target Task
Community Detection
Target Model
GRE, INF, LOU
Baseline
,
Metric
NMI, ARI
Dataset
Synthetic networks, Football, Email, Polblogs
Time-aware Gradient Attack on Dynamic Network Link Prediction 📝IJCAI
Model
TGA-Tra, TGA-Gre
Algorithm
Gradient
Surrogate
DDNE
Target Task
Link Prediction
Target Model
DDNE, ctRBM, GTRBM, dynAERNN
Baseline
Random, DGA, CNA
Metric
ASR, AML
Dataset
RADOSLAW, LKML, FB-WOSN
Attacking Graph Convolutional Networks via Rewiring 📝Arxiv
Model
ReWatt
Algorithm
Reinforcement Learning
Surrogate
GCN
Target Task
Graph Classification
Target Model
GCN
Baseline
RL-S2V, RA
Metric
ASR
Dataset
REDDIT-MULTI-12K, REDDIT-MULTI-5K, IMDB-MULTI
Unsupervised Euclidean Distance Attack on Network Embedding 📝Arxiv
Model
EDA
Algorithm
Genetic algorithm
Surrogate
DeepWalk
Target Task
Node Classification, Community Detection
Target Model
HOPE, LPA, EM, DeepWalk
Baseline
Random, DICE, RLS, DBA
Metric
NMI, Micro-F1, Macro-F1
Dataset
Karate, Game, Dolphin
Generalizable Adversarial Attacks with Latent Variable Perturbation Modelling 📝Arxiv
Model
DAGAER
Algorithm
Generative model
Surrogate
VGAE
Target Task
Node Classification
Target Model
GCN
Baseline
Nettack
Metric
ASR
Dataset
Cora, CiteSeer
Vertex Nomination, Consistent Estimation, and Adversarial Modification 📝Arxiv
PeerNets Exploiting Peer Wisdom Against Adversarial Attacks 📝ICLR (Poster) Code
2018
Adversarial Attack on Graph Structured Data 📝ICML Code
Personalized privacy protection in social networks through adversarial modeling 📝AAAI
Interpretable Stability Bounds for Spectral Graph Filters 📝Arxiv
Towards Robust Graph Contrastive Learning 📝Arxiv
Unified Robust Training for Graph Neural Networks against Label Noise 📝Arxiv
An Introduction to Robust Graph Convolutional Networks 📝Arxiv
E-GraphSAGE: A Graph Neural Network based Intrusion Detection System 📝Arxiv
Spatio-Temporal Sparsification for General Robust Graph Convolution Networks 📝Arxiv
Robust graph convolutional networks with directional graph adversarial training 📝Applied Intelligence
Detection and Defense of Topological Adversarial Attacks on Graphs 📝AISTATS
2020
Transferring Robustness for Graph Neural Network Against Poisoning Attacks 📝WSDM Code
Model
PA-GNN
Algorithm
Penalized Aggregation, Meta Learning
Defense Type
Structure Based
Target Task
Node Classification
Target Model
GNN
Baseline
GCN, GAT, GCN-Jaccard, RGCN, VPN
Metric
Accuracy
Dataset
Pubmed, Reddit, Yelp
All You Need Is Low (Rank): Defending Against Adversarial Attacks on Graphs 📝WSDM Code
Model
GCN-SVD
Algorithm
SVD
Defense Type
Preprocessing
Target Task
Node Classification
Target Model
GCN
Baseline
GCN
Metric
Accuracy, Classification Margin
Dataset
CiteSeer, Cora-ML, PolBlogs
How Robust Are Graph Neural Networks to Structural Noise? 📝DLGMA
Model
Algorithm
Adversarial Training
Defense Type
Adversarial Training
Target Task
Node Classification
Target Model
GIN
Baseline
GIN
Metric
F1 score
Dataset
Constructed graph
Robust Detection of Adaptive Spammers by Nash Reinforcement Learning 📝KDD Code
Model
Nash-Detect
Algorithm
A minimax game
Defense Type
Detection Based
Target Task
Spam Detection
Target Model
Baseline
Spam Detector
Metric
Practical Effect, Accuracy
Dataset
YelpChi, YelpNYC, YelpZip
Graph Structure Learning for Robust Graph Neural Networks 📝KDD Code
Model
Pro-GNN
Algorithm
Learns the graph structure and the GNN parameters simultaneously
Defense Type
Hybrid
Target Task
Node Classification
Target Model
GCN
Baseline
GAT, GCN-Jaccard, GCN-SVD
Metric
Accuracy
Dataset
Cora, CiteSeer, Polblogs, Pubmed
Robust Graph Representation Learning via Neural Sparsification 📝ICML
Model
NeuralSparse
Algorithm
Subgraphs Sampling
Defense Type
Preprocessing-based
Target Task
Node Classification
Target Model
GCN, GraphSAGE, GAT, GIN
Baseline
SS/RD, DropEdge, LDS
Metric
Micro-F1, AUC, Accuracy
Dataset
Reddit, PPI, Transaction, Cora, CiteSeer
On The Stability of Polynomial Spectral Graph Filters 📝ICASSP Code
Model
Algorithm
Polynomial graph filters
Defense Type
Structure Based
Target Task
Graph signal processing
Target Model
GNN
Baseline
Metric
Laplacian distance
Dataset
Barabási-Albert, Sensor network
On the Robustness of Cascade Diffusion under Node Attacks 📝WWW Code
Provably Robust Node Classification via Low-Pass Message Passing 📝ICDM
AANE: Anomaly Aware Network Embedding For Anomalous Link Detection 📝ICDM
Dynamic Knowledge Graph-based Dialogue Generation with Improved Adversarial Meta-Learning 📝Arxiv
Model
KDAD
Algorithm
Adversarial Meta-learning
Defense Type
Objective-based
Target Task
Dialogue Generation
Target Model
Qadpt
Baseline
TAware, Qadpt
Metric
BLEU, PPL, DISTINCT, ...
Dataset
HGZHZ
Robust Collective Classification against Structural Attacks 📝Preprint
Model
R-AMN
Algorithm
Bound Analysis
Defense Type
Objective-based
Target Task
Node Classification
Target Model
AMN
Baseline
Struct-RSAD
Metric
Accuracy
Dataset
Reuters, WebKB, Cora, CiteSeer
Tensor Graph Convolutional Networks for Multi-relational and Robust Learning 📝Arxiv
Model
TGCN
Algorithm
Edge-dithering
Defense Type
Processing-based
Target Task
Node Classification, Protein Prediction
Target Model
GCN
Baseline
GCN
Metric
Accuracy, Macro F1
Dataset
Cora, CiteSeer, Pubmed, Polblogs, ...
Topological Effects on Attacks Against Vertex Classification 📝Arxiv
Model
StratDegree, GreedyCover
Algorithm
GreedyCover
Defense Type
Processing-based
Target Task
Node Classification
Target Model
GCN
Baseline
Random Selection
Metric
Required budget, Median margin
Dataset
Cora, CiteSeer, Pubmed, Polblogs
Evaluating Graph Vulnerability and Robustness using TIGER 📝Arxiv
Model
TIGER
Algorithm
Defense Type
Hybrid
Target Task
Node Classification
Target Model
Baseline
Metric
Average vertex betweenness, Spectral scaling, Effective resistance
Dataset
US power grid, Water Distribution Network
Adversarial Perturbations of Opinion Dynamics in Networks 📝Arxiv
Model
Algorithm
Defense Type
Target Task
Network Disruption
Target Model
Opinion dynamics models
Baseline
Metric
Polarization-disagreement index
Dataset
DefenseVGAE: Defending against Adversarial Attacks on Graph Data via a Variational Graph Autoencoder 📝Arxiv Code
Model
DefenseVGAE
Algorithm
VGAE
Defense Type
Processing-based
Target Task
Node Classification
Target Model
GCN
Baseline
GCN-Jaccard, GCN-SVD, RGCN
Metric
Accuracy
Dataset
Cora, CiteSeer, PolBlogs
GNNGuard: Defending Graph Neural Networks against Adversarial Attacks 📝NeurIPS Code
Model
GNNGuard
Algorithm
Network theory of homophily
Defense Type
Structure-based
Target Task
Node Classification
Target Model
GCN, GAT, GIN, ...
Baseline
GNN-Jaccard, RobustGCN, GNN-SVD
Metric
Accuracy
Dataset
Cora, CiteSeer, ogbn-arxiv, DP
Adversarial Privacy Preserving Graph Embedding against Inference Attack 📝Arxiv Code
Model
APDGE
Algorithm
Adversarial Privacy-Purged
Defense Type
Structure-based
Target Task
Privacy Protection
Target Model
GAE
Baseline
GAE RM, CDSPIA
Metric
Macro F1
Dataset
Yale, Rochester
RoGAT: a robust GNN combined revised GAT with adjusted graphs 📝Arxiv
ResGCN: Attention-based Deep Residual Modeling for Anomaly Detection on Attributed Networks 📝Arxiv
A Novel Defending Scheme for Graph-Based Classification Against Graph Structure Manipulating Attack 📝SocialSec
Iterative Deep Graph Learning for Graph Neural Networks: Better and Robust Node Embeddings 📝NeurIPS Code
Towards Robust Graph Neural Networks against Label Noise 📝ICLR OpenReview
Graph Adversarial Networks: Protecting Information against Adversarial Attacks 📝ICLR OpenReview Code
Ricci-GNN: Defending Against Structural Attacks Through a Geometric Approach 📝ICLR OpenReview
Reliable Graph Neural Networks via Robust Aggregation 📝NeurIPS Code
Graph Random Neural Networks for Semi-Supervised Learning on Graphs 📝NeurIPS Code
Variational Inference for Graph Convolutional Networks in the Absence of Graph Data and Adversarial Settings 📝NeurIPS Code
Provable Overlapping Community Detection in Weighted Graphs 📝NeurIPS
Community detection in sparse time-evolving graphs with a dynamical Bethe-Hessian 📝NeurIPS
Node Copying for Protection Against Graph Neural Network Topology Attacks 📝Arxiv
A Feature-Importance-Aware and Robust Aggregator for GCN 📝CIKM Code
Anti-perturbation of Online Social Networks by Graph Label Transition 📝Arxiv
Graph Information Bottleneck 📝NeurIPS Code
Adversarial Detection on Graph Structured Data 📝PPMLP
Graph Contrastive Learning with Augmentations 📝NeurIPS Code
Learning Graph Embedding with Adversarial Training Methods 📝IEEE Transactions on Cybernetics
Unsupervised Adversarially-Robust Representation Learning on Graphs 📝Arxiv
I-GCN: Robust Graph Convolutional Network via Influence Mechanism 📝Arxiv
Adversary for Social Good: Protecting Familial Privacy through Joint Adversarial Attacks 📝AAAI
Smoothing Adversarial Training for GNN 📝IEEE TCSS
Graph Structure Reshaping Against Adversarial Attacks on Graph Neural Networks 📝NIPS under review Code
2019
Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective 📝IJCAI Code
Model
Algorithm
Adversarial Training
Defense Type
Adversarial Training
Target Task
Node Classification
Target Model
GCN
Baseline
GCN
Metric
Misclassification Rate, Accuracy
Dataset
Cora, CiteSeer
Adversarial Examples on Graph Data: Deep Insights into Attack and Defense 📝IJCAI Code
Model
GCN-Jaccard
Algorithm
Drop Edges
Defense Type
Preprocessing
Target Task
Node Classification
Target Model
GCN
Baseline
GCN
Metric
Classification Margin, Accuracy
Dataset
Cora-ML, CiteSeer, PolBlogs
Investigating Robustness and Interpretability of Link Prediction via Adversarial Modifications 📝NAACL Code
Model
CRIAGE
Algorithm
Adversarial Modification
Defense Type
Robustness Evaluation
Target Task
Link Prediction
Target Model
Knowledge Graph Embedding
Baseline
Metric
Hits@K, MRR
Dataset
Nations, Kinship, WN18, YAGO3-10
Robust Graph Convolutional Networks Against Adversarial Attacks 📝KDD Code
Model
RGCN
Algorithm
Gaussian-based Graph Convolution and Attention Mechanism
Defense Type
Structure Based
Target Task
Node Classification
Target Model
GCN
Baseline
GCN, GAT
Metric
Accuracy
Dataset
Cora, CiteSeer, Pubmed
Virtual Adversarial Training on Graph Convolutional Networks in Node Classification 📝PRCV
Model
SVAT, DVAT
Algorithm
Virtual Adversarial Training
Defense Type
Adversarial Training
Target Task
Node Classification
Target Model
GCN
Baseline
GCN
Metric
Accuracy
Dataset
Cora, CiteSeer, Pubmed
Comparing and Detecting Adversarial Attacks for Graph Deep Learning 📝RLGM@ICLR
Adversarial Robustness of Similarity-Based Link Prediction 📝ICDM
Model
IDOpt, IDRank
Algorithm
Integer Program, Edge Ranking
Defense Type
Target Task
Link Prediction
Target Model
Similarity-based Link Prediction Models
Baseline
PPN
Metric
DPR
Dataset
PA, PLD, TVShow, Gov
Improving Robustness to Attacks Against Vertex Classification 📝MLG@KDD
Model
SVM with a radial basis function kernel
Algorithm
Augmented Feature, Edge Selecting
Defense Type
Hybrid
Target Task
Node Classification
Target Model
SVM
Baseline
GCN
Metric
Classification Margin
Dataset
Cora, CiteSeer
Graph Adversarial Training: Dynamically Regularizing Based on Graph Structure 📝TKDE Code
Model
GCN-GATV
Algorithm
Graph Adversarial Training, Virtual Adversarial Training
Defense Type
Adversarial Training
Target Task
Node Classification
Target Model
GCN
Baseline
LP, DeepWalk, SemiEmb, Planetoid, GCN, GraphSGAN
Metric
Accuracy
Dataset
Cora, CiteSeer, NELL
Adversarial Training Methods for Network Embedding 📝WWW Code
Model
AdvT4NE
Algorithm
Adversarial Training
Defense Type
Adversarial Training
Target Task
Network embedding
Target Model
Deepwalk
Baseline
GF, DeepWalk, LINE, Node2vec, ...
Metric
Accuracy
Dataset
Cora, CiteSeer, Wiki, CA-GrQc, CA-HepTh
GraphDefense: Towards Robust Graph Convolutional Networks 📝Arxiv
Model
GraphDefense
Algorithm
Adversarial Training
Defense Type
Adversarial Training
Target Task
Node Classification
Target Model
GCN
Baseline
Drop Edges, Discrete Adversarial Training
Metric
Accuracy
Dataset
Cora, CiteSeer, Reddit
Can Adversarial Network Attack be Defended? 📝Arxiv
Model
Global-AT, Target-AT, SD, SCEL
Algorithm
Adversarial Training, Smooth Defense
Defense Type
Hybrid
Target Task
Node Classification
Target Model
GNN
Baseline
AT
Metric
ADR, ACD
Dataset
Cora, CiteSeer, PolBlogs
Edge Dithering for Robust Adaptive Graph Convolutional Networks 📝Arxiv
Model
AGCN
Algorithm
Adaptive GCN with Edge Dithering
Defense Type
Structure Based
Target Task
Node Classification
Target Model
GCN
Baseline
GCN
Metric
Accuracy
Dataset
Cora, CiteSeer, Pubmed, PolBlogs
GraphSAC: Detecting anomalies in large-scale graphs 📝Arxiv
Model
GraphSVC
Algorithm
Random, Consensus
Defense Type
Detection Based
Target Task
Anomaly Detection
Target Model
Anomaly Model
Baseline
GAE, Amen, Radar, Degree, ...
Metric
AUC
Dataset
Cora, CiteSeer, Pubmed, PolBlogs
Adversarial Defense Framework for Graph Neural Network 📝Arxiv
Model
DefNet
Algorithm
GAN, GER, ACL
Defense Type
Hybrid
Target Task
Node Classification
Target Model
GCN, GraphSAGE
Baseline
GCN, GraphSAGE
Metric
Classification Margin
Dataset
Cora, CiteSeer, PolBlogs
Graph Interpolating Activation Improves Both Natural and Robust Accuracies in Data-Efficient Deep Learning 📝Arxiv Code
Adversarial Embedding: A robust and elusive Steganography and Watermarking technique 📝Arxiv
Examining Adversarial Learning against Graph-based IoT Malware Detection Systems 📝Arxiv
Target Defense Against Link-Prediction-Based Attacks via Evolutionary Perturbations 📝Arxiv
Bayesian graph convolutional neural networks for semi-supervised classification 📝AAAI Code
2018
Adversarial Personalized Ranking for Recommendation 📝SIGIR Code
Model
APR, AMF
Algorithm
Adversarial Training based on MF-BPR
Defense Type
Adversarial Training
Target Task
Recommendation
Target Model
MF-BPR
Baseline
ItemPop, MF-BPR, CDAE, NeuMF, IRGAN
Metric
HR, NDCG
Dataset
Yelp, Pinterest, Gowalla
2017
Adversarial Sets for Regularising Neural Link Predictors 📝UAI Code
Collective Robustness Certificates 📝ICLR'21
Adversarial Immunization for Improving Certifiable Robustness on Graphs 📝WSDM'21
Improving the Robustness of Wasserstein Embedding by Adversarial PAC-Bayesian Learning 📝AAAI'20
Model
RAWEN
Algorithm
Adversarial PAC-Bayesian learning
Defense Type
Objective Based
Target Task
Node Embedding
Target Model
Wasserstein embedding
Baseline
GF, LINE, Node2vec, SDNE ...
Metric
Precision, Recall, AUC, F1
Dataset
Wiki-Vote, Epinions, Google, Email, Wiki
Certifying Robustness of Graph Laplacian Based Semi-Supervised Learning 📝ICLR'21 OpenReview
Certified Robustness of Graph Convolution Networks for Graph Classification under Topological Attacks 📝NeurIPS'20 Code
Certified Robustness of Community Detection against Adversarial Structural Perturbation via Randomized Smoothing 📝WWW'20
Efficient Robustness Certificates for Discrete Data: Sparsity-Aware Randomized Smoothing for Graphs, Images and More 📝ICML'20 Code
Abstract Interpretation based Robustness Certification for Graph Convolutional Networks 📝ECAI'20
Certifiable Robustness of Graph Convolutional Networks under Structure Perturbation 📝KDD'20 Code
Certified Robustness of Graph Classification against Topology Attack with Randomized Smoothing 📝NeurIPS'20
Certified Robustness of Graph Neural Networks against Adversarial Structural Perturbation 📝Arxiv'20
Certifiable Robustness and Robust Training for Graph Convolutional Networks 📝KDD'19 Code
Certifiable Robustness to Graph Perturbations 📝NeurIPS'19 Code
Graph and Graphon Neural Network Stability 📝Arxiv'20
On the Stability of Graph Convolutional Neural Networks under Edge Rewiring 📝Arxiv'20
Stability of Graph Neural Networks to Relative Perturbations 📝ICASSP'20
Graph Neural Networks: Architectures, Stability and Transferability 📝Arxiv'20
Stability Properties of Graph Neural Networks 📝Arxiv'19
Stability and Generalization of Graph Convolutional Neural Networks 📝KDD'19 Code
When Do GNNs Work: Understanding and Improving Neighborhood Aggregation 📝IJCAI'19 Workshop Code
Should Graph Convolution Trust Neighbors? A Simple Causal Inference Method 📝Arxiv'20
Deep Graph Structure Learning for Robust Representations: A Survey 📝IJCAI'21 Survey track
Graph Neural Networks Taxonomy, Advances and Trends 📝Arxiv'20
A Survey of Adversarial Learning on Graph 📝Arxiv'20
Adversarial Attacks and Defenses on Graphs: A Review and Empirical Study 📝Arxiv'20
Adversarial Attacks and Defenses in Images, Graphs and Text: A Review 📝Arxiv'19
Adversarial Attack and Defense on Graph Data: A Survey 📝Arxiv'18
Deep Learning on Graphs A Survey 📝Arxiv'18