Adversarial Training for Graph Neural Networks: Pitfalls, Solutions, and New Directions
Abstract
Despite its success in the image domain, adversarial training did not (yet) stand out as an effective defense for Graph Neural Networks (GNNs) against graph structure perturbations. In the pursuit of fixing adversarial training (1) we show and overcome fundamental theoretical as well as practical limitations of the adopted graph learning setting in prior work; (2) we reveal that flexible GNNs based on learnable graph diffusion are able to adjust to adversarial perturbations, while the learned message passing scheme is naturally interpretable; (3) we introduce the first attack for structure perturbations that, while targeting multiple nodes at once, is capable of handling global (graph-level) as well as local (node-level) constraints. Including these contributions, we demonstrate that adversarial training is a state-of-the-art defense against adversarial structure perturbations.
Cite
Text
Gosch et al. "Adversarial Training for Graph Neural Networks: Pitfalls, Solutions, and New Directions." Neural Information Processing Systems, 2023.Markdown
[Gosch et al. "Adversarial Training for Graph Neural Networks: Pitfalls, Solutions, and New Directions." Neural Information Processing Systems, 2023.](https://mlanthology.org/neurips/2023/gosch2023neurips-adversarial/)BibTeX
@inproceedings{gosch2023neurips-adversarial,
title = {{Adversarial Training for Graph Neural Networks: Pitfalls, Solutions, and New Directions}},
author = {Gosch, Lukas and Geisler, Simon and Sturm, Daniel and Charpentier, Bertrand and Zügner, Daniel and Günnemann, Stephan},
booktitle = {Neural Information Processing Systems},
year = {2023},
url = {https://mlanthology.org/neurips/2023/gosch2023neurips-adversarial/}
}