research-article

Robust Graph Convolutional Networks Against Adversarial Attacks

Authors:

Wenwu ZhuAuthors Info & Claims

KDD '19: Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining

Pages 1399 - 1407

https://doi.org/10.1145/3292500.3330851

Published: 25 July 2019 Publication History

Abstract

Graph Convolutional Networks (GCNs) are an emerging type of neural network model on graphs which have achieved state-of-the-art performance in the task of node classification. However, recent studies show that GCNs are vulnerable to adversarial attacks, i.e. small deliberate perturbations in graph structures and node attributes, which poses great challenges for applying GCNs to real world applications. How to enhance the robustness of GCNs remains a critical open problem. To address this problem, we propose Robust GCN (RGCN), a novel model that "fortifies'' GCNs against adversarial attacks. Specifically, instead of representing nodes as vectors, our method adopts Gaussian distributions as the hidden representations of nodes in each convolutional layer. In this way, when the graph is attacked, our model can automatically absorb the effects of adversarial changes in the variances of the Gaussian distributions. Moreover, to remedy the propagation of adversarial attacks in GCNs, we propose a variance-based attention mechanism, i.e. assigning different weights to node neighborhoods according to their variances when performing convolutions. Extensive experimental results demonstrate that our proposed method can effectively improve the robustness of GCNs. On three benchmark graphs, our RGCN consistently shows a substantial gain in node classification accuracy compared with state-of-the-art GCNs against various adversarial attack strategies.

References

[1]

Aleksandar Bojchevski and Stephan Günnemann. 2018. Deep Gaussian Embedding of Graphs: Unsupervised Inductive Learning via Ranking. In Proceedings of the 7th International Conference on Learning Representations.

[2]

Michael M Bronstein, Joan Bruna, Yann LeCun, Arthur Szlam, and Pierre Vandergheynst. 2017. Geometric deep learning: going beyond euclidean data. IEEE Signal Processing Magazine, Vol. 34, 4 (2017), 18--42.

[3]

Joan Bruna, Wojciech Zaremba, Arthur Szlam, and Yann Lecun. 2014. Spectral networks and locally connected networks on graphs. In Proceedings of the 3rd International Conference on Learning Representations.

[4]

Jie Chen, Tengfei Ma, and Cao Xiao. 2018. FastGCN: fast learning with graph convolutional networks via importance sampling. In Proceedings of the 7th International Conference on Learning Representations.

[5]

Jianfei Chen, Jun Zhu, and Le Song. 2018. Stochastic Training of Graph Convolutional Networks with Variance Reduction. In International Conference on Machine Learning. 941--949.

[6]

Djork-Arné Clevert, Thomas Unterthiner, and Sepp Hochreiter. 2016. Fast and accurate deep network learning by exponential linear units (elus). In Proceedings of the 5th International Conference on Learning Representations.

[7]

Hanjun Dai, Hui Li, Tian Tian, Xin Huang, Lin Wang, Jun Zhu, and Le Song. 2018. Adversarial Attack on Graph Structured Data. In Proceedings of the 35th International Conference on Machine Learning. 1115--1124.

[8]

Michaël Defferrard, Xavier Bresson, and Pierre Vandergheynst. 2016. Convolutional neural networks on graphs with fast localized spectral filtering. In Advances in Neural Information Processing Systems. 3844--3852.

Digital Library

[9]

Carl Doersch. 2016. Tutorial on variational autoencoders. arXiv preprint arXiv:1606.05908 (2016).

[10]

Justin Gilmer, Samuel S Schoenholz, Patrick F Riley, Oriol Vinyals, and George E Dahl. 2017. Neural Message Passing for Quantum Chemistry. In International Conference on Machine Learning. 1263--1272.

Digital Library

[11]

Xavier Glorot and Yoshua Bengio. 2010. Understanding the difficulty of training deep feedforward neural networks. In Proceedings of the Thirteenth International Conference on Artificial Intelligence and Statistics. 249--256.

[12]

Will Hamilton, Zhitao Ying, and Jure Leskovec. 2017. Inductive representation learning on large graphs. In Advances in Neural Information Processing Systems. 1024--1034.

Digital Library

[13]

David K Hammond, Pierre Vandergheynst, and Rémi Gribonval. 2011. Wavelets on graphs via spectral graph theory. Applied and Computational Harmonic Analysis, Vol. 30, 2 (2011), 129--150.

[14]

Wenbing Huang, Tong Zhang, Yu Rong, and Junzhou Huang. 2018. Adaptive Sampling Towards Fast Graph Representation Learning. In Advances in Neural Information Processing Systems. 4563--4572.

Digital Library

[15]

Steven Kearnes, Kevin McCloskey, Marc Berndl, Vijay Pande, and Patrick Riley. 2016. Molecular graph convolutions: moving beyond fingerprints. Journal of Computer-Aided Molecular Design, Vol. 30, 8 (2016), 595--608.

[16]

Diederik P Kingma and Jimmy Ba. 2014. Adam: A method for stochastic optimization. In Proceedings of the 3rd International Conference on Learning Representations.

[17]

Thomas N Kipf and Max Welling. 2016. Variational graph auto-encoders. arXiv preprint arXiv:1611.07308 (2016).

[18]

Thomas N Kipf and Max Welling. 2017. Semi-supervised classification with graph convolutional networks. In Proceedings of the 6th International Conference on Learning Representations.

[19]

Solomon Kullback and Richard A Leibler. 1951. On information and sufficiency. The annals of mathematical statistics, Vol. 22, 1 (1951), 79--86.

[20]

Jianxin Ma, Peng Cui, Kun Kuang, Xin Wang, and Wenwu Zhu. 2019. Disentangled Graph Convolutional Networks. In International Conference on Machine Learning.

[21]

Vinod Nair and Geoffrey E Hinton. 2010. Rectified linear units improve restricted boltzmann machines. In Proceedings of the 27th international conference on machine learning (ICML-10). 807--814.

Digital Library

[22]

Valentin Vladimirovich Petrov. 2012. Sums of independent random variables. Vol. 82. Springer Science & Business Media.

[23]

Michael Schlichtkrull, Thomas N. Kipf, Peter Bloem, Rianne Van Den Berg, Ivan Titov, and Max Welling. 2018. Modeling Relational Data with Graph Convolutional Networks. (2018), 593--607.

[24]

Prithviraj Sen, Galileo Namata, Mustafa Bilgic, Lise Getoor, Brian Galligher, and Tina Eliassi-Rad. 2008. Collective classification in network data. AI magazine, Vol. 29, 3 (2008), 93.

[25]

David I Shuman, Sunil K Narang, Pascal Frossard, Antonio Ortega, and Pierre Vandergheynst. 2013. The emerging field of signal processing on graphs: Extending high-dimensional data analysis to networks and other irregular domains. IEEE Signal Processing Magazine (2013).

[26]

Martin Simonovsky and Nikos Komodakis. 2017. Dynamic edgeconditioned filters in convolutional neural networks on graphs. In 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[27]

Lichao Sun, Ji Wang, Philip S Yu, and Bo Li. 2018. Adversarial Attack and Defense on Graph Data: A Survey. arXiv preprint arXiv:1812.10528 (2018).

[28]

Kiran K Thekumparampil, Chong Wang, Sewoong Oh, and Li-Jia Li. 2018. Attention-based graph neural network for semi-supervised learning. arXiv preprint arXiv:1803.03735 (2018).

[29]

Ke Tu, Jianxin Ma, Peng Cui, Jian Pei, and Wenwu Zhu. 2019. AutoNE: Hyperparameter Optimization for Massive Network Embedding. In Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining.

Digital Library

[30]

Petar Velickovic, Guillem Cucurull, Arantxa Casanova, Adriana Romero, Pietro Lio, and Yoshua Bengio. 2018. Graph attention networks. In Proceedings of the 7th International Conference on Learning Representations.

[31]

Xiao Wang, Houye Ji, Chuan Shi, Bai Wang, Peng Cui, P Yu, and Yanfang Ye. 2019. Heterogeneous Graph Attention Network. arXiv preprint arXiv:1903.07293 (2019).

[32]

Keyulu Xu, Chengtao Li, Yonglong Tian, Tomohiro Sonobe, Ken-ichi Kawarabayashi, and Stefanie Jegelka. 2018. Representation Learning on Graphs with Jumping Knowledge Networks. In International Conference on Machine Learning.

[33]

Rex Ying, Ruining He, Kaifeng Chen, Pong Eksombatchai, William L Hamilton, and Jure Leskovec. 2018. Graph Convolutional Neural Networks for Web-Scale Recommender Systems. In Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining.

Digital Library

[34]

Jiani Zhang, Xingjian Shi, Junyuan Xie, Hao Ma, Irwin King, and Dit-Yan Yeung. 2018b. GaAN: Gated Attention Networks for Learning on Large and Spatiotemporal Graphs. In Proceedings of the Thirty-Fourth Conference on Uncertainty in Artificial Intelligence.

[35]

Ziwei Zhang, Peng Cui, and Wenwu Zhu. 2018a. Deep Learning on Graphs: A Survey. arXiv preprint arXiv:1812.04202 (2018).

[36]

Dingyuan Zhu, Peng Cui, Daixin Wang, and Wenwu Zhu. 2018. Deep variational network embedding in wasserstein space. In Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining. ACM, 2827--2836.

Digital Library

[37]

Daniel Zügner, Amir Akbarnejad, and Stephan Günnemann. 2018. Adversarial attacks on neural networks for graph data. In Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining. ACM, 2847--2856.

Digital Library

[38]

Daniel Zügner and Stephan Günnemann. 2019. Adversarial Attacks on Graph Neural Networks via Meta Learning. In Proceedings of the 8th International Conference on Learning Representations.

Cited By

Singh VKumar SPrasad AJayadeva (2025)A Unified Optimization-Based Framework for Certifiably Robust and Fair Graph Neural NetworksIEEE Transactions on Signal Processing10.1109/TSP.2024.351409173(83-98)Online publication date: 2025
https://doi.org/10.1109/TSP.2024.3514091
Yu HLiang KHu DTu WMa CZhou SLiu X(2025)GZOO: Black-Box Node Injection Attack on Graph Neural Networks via Zeroth-Order OptimizationIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2024.348327437:1(319-333)Online publication date: Jan-2025
https://doi.org/10.1109/TKDE.2024.3483274
Zhang JHong YCheng DZhang LZhao Q(2025)Defending adversarial attacks in Graph Neural Networks via tensor enhancementPattern Recognition10.1016/j.patcog.2024.110954158(110954)Online publication date: Feb-2025
https://doi.org/10.1016/j.patcog.2024.110954
Show More Cited By

Index Terms

Robust Graph Convolutional Networks Against Adversarial Attacks

Recommendations

Enhancing Robustness of Graph Convolutional Networks via Dropping Graph Connections
Machine Learning and Knowledge Discovery in Databases
Abstract
Graph convolutional networks (GCNs) have emerged as one of the most popular neural networks for a variety of tasks over graphs. Despite their remarkable learning and inference ability, GCNs are still vulnerable to adversarial attacks that ...
Robust Mid-Pass Filtering Graph Convolutional Networks
WWW '23: Proceedings of the ACM Web Conference 2023

Graph convolutional networks (GCNs) are currently the most promising paradigm for dealing with graph-structure data, while recent studies have also shown that GCNs are vulnerable to adversarial attacks. Thus developing GCN models that are robust to such ...
How to Defend and Secure Deep Learning Models Against Adversarial Attacks in Computer Vision: A Systematic Review
Abstract
Deep learning plays a significant role in developing a robust and constructive framework for tackling complex learning tasks. Consequently, it is widely utilized in many security-critical contexts, such as Self-Driving and Biometric Systems. Due ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

KDD '19: Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining

July 2019

3305 pages

ISBN:9781450362016

DOI:10.1145/3292500

General Chairs:
Ankur Teredesai
KenSci
,
Vipin Kumar
University of Minnesota
,
Program Chairs:
Ying Li
EV Analysis Corporation
,
Rómer Rosales
LinkedIn
,
Evimaria Terzi
Boston University
,
George Karypis
University of Minnesota

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 July 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

KDD '19

Sponsor:

KDD '19: The 25th ACM SIGKDD Conference on Knowledge Discovery and Data Mining

August 4 - 8, 2019

AK, Anchorage, USA

Acceptance Rates

KDD '19 Paper Acceptance Rate 110 of 1,200 submissions, 9%;

Overall Acceptance Rate 1,133 of 8,635 submissions, 13%

Upcoming Conference

KDD '25

Sponsor:
sigkdd
sigkdd

The 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining

August 3 - 7, 2025

Toronto , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

219
Total Citations
View Citations
2,760
Total Downloads

Downloads (Last 12 months)264
Downloads (Last 6 weeks)32

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Singh VKumar SPrasad AJayadeva (2025)A Unified Optimization-Based Framework for Certifiably Robust and Fair Graph Neural NetworksIEEE Transactions on Signal Processing10.1109/TSP.2024.351409173(83-98)Online publication date: 2025
https://doi.org/10.1109/TSP.2024.3514091
Yu HLiang KHu DTu WMa CZhou SLiu X(2025)GZOO: Black-Box Node Injection Attack on Graph Neural Networks via Zeroth-Order OptimizationIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2024.348327437:1(319-333)Online publication date: Jan-2025
https://doi.org/10.1109/TKDE.2024.3483274
Zhang JHong YCheng DZhang LZhao Q(2025)Defending adversarial attacks in Graph Neural Networks via tensor enhancementPattern Recognition10.1016/j.patcog.2024.110954158(110954)Online publication date: Feb-2025
https://doi.org/10.1016/j.patcog.2024.110954
Li BXie XLei HFang RKang Z(2025)Simplified PCNet with robustnessNeural Networks10.1016/j.neunet.2024.107099184(107099)Online publication date: Apr-2025
https://doi.org/10.1016/j.neunet.2024.107099
Menaouer BFairouz SMeriem MMohammed SNada M(2025)A sentiment analysis of the Ukraine-Russia War tweets using knowledge graph convolutional networksInternational Journal of Information Technology10.1007/s41870-024-02357-0Online publication date: 3-Jan-2025
https://doi.org/10.1007/s41870-024-02357-0
Khaleel YHabeeb MAlnabulsi H(2024)Adversarial Attacks in Machine Learning: Key Insights and Defense ApproachesApplied Data Science and Analysis10.58496/ADSA/2024/0112024(121-147)Online publication date: 7-Aug-2024
https://doi.org/10.58496/ADSA/2024/011
An DYang YLiu WZhao QLiu JQi HLian J(2024)A Secure GNN Training Framework for Partially Observable GraphElectronics10.3390/electronics1314272113:14(2721)Online publication date: 11-Jul-2024
https://doi.org/10.3390/electronics13142721
Li HDi SLi CChen LZhou X(2024)Fight Fire with Fire: Towards Robust Graph Neural Networks on Dynamic Graphs via Actively DefenseProceedings of the VLDB Endowment10.14778/3659437.365945717:8(2050-2063)Online publication date: 1-Apr-2024
https://dl.acm.org/doi/10.14778/3659437.3659457
Xu HXiang LGan XFu LWang XZhou C(2024)Distributional Learning for Network Alignment with Global ConstraintsACM Transactions on Knowledge Discovery from Data10.1145/363805618:4(1-16)Online publication date: 12-Feb-2024
https://dl.acm.org/doi/10.1145/3638056
Zhong LLin RLi JWang SChen ZBaeza-Yates RBonchi F(2024)Bridging and Compressing Feature and Semantic Spaces for Robust Graph Neural Networks: An Information Theory PerspectiveProceedings of the 30th ACM SIGKDD Conference on Knowledge Discovery and Data Mining10.1145/3637528.3671870(4571-4582)Online publication date: 25-Aug-2024
https://dl.acm.org/doi/10.1145/3637528.3671870
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents