Topology attack and defense for graph neural networks: An optimization perspective

Kaidi Xu; Hongge Chen; Sijia Liu; Pin Yu Chen; Tsui Wei Weng; Mingyi Hong; Xue Lin

doi:10.24963/ijcai.2019/550

Topology attack and defense for graph neural networks: An optimization perspective

Kaidi Xu, Hongge Chen, Sijia Liu, Pin Yu Chen, Tsui Wei Weng, Mingyi Hong, Xue Lin

Electrical and Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

75 Scopus citations

Abstract

Graph neural networks (GNNs) which apply the deep neural networks to graph data have achieved significant performance for the task of semi-supervised node classification. However, only few work has addressed the adversarial robustness of GNNs. In this paper, we first present a novel gradient-based attack method that facilitates the difficulty of tackling discrete graph data. When comparing to current adversarial attacks on GNNs, the results show that by only perturbing a small number of edge perturbations, including addition and deletion, our optimization-based attack can lead to a noticeable decrease in classification performance. Moreover, leveraging our gradient-based attack, we propose the first optimization-based adversarial training for GNNs. Our method yields higher robustness against both different gradient based and greedy attack methods without sacrificing classification accuracy on original graph.

Original language	English (US)
Title of host publication	Proceedings of the 28th International Joint Conference on Artificial Intelligence, IJCAI 2019
Editors	Sarit Kraus
Publisher	International Joint Conferences on Artificial Intelligence
Pages	3961-3967
Number of pages	7
ISBN (Electronic)	9780999241141
DOIs	https://doi.org/10.24963/ijcai.2019/550
State	Published - 2019
Event	28th International Joint Conference on Artificial Intelligence, IJCAI 2019 - Macao, China Duration: Aug 10 2019 → Aug 16 2019

Publication series

Name	IJCAI International Joint Conference on Artificial Intelligence
Volume	2019-August
ISSN (Print)	1045-0823

Conference

Conference	28th International Joint Conference on Artificial Intelligence, IJCAI 2019
Country/Territory	China
City	Macao
Period	8/10/19 → 8/16/19

Bibliographical note

Funding Information:
This work is supported by Air Force Research Laboratory FA8750-18-2-0058 and the MIT-IBM Watson AI Lab.

Publisher Copyright:
© 2019 International Joint Conferences on Artificial Intelligence. All rights reserved.

Publisher link

10.24963/ijcai.2019/550

Find It

Find It at U of M Libraries

Cite this

Xu, K., Chen, H., Liu, S., Chen, P. Y., Weng, T. W., Hong, M., & Lin, X. (2019). Topology attack and defense for graph neural networks: An optimization perspective. In S. Kraus (Ed.), Proceedings of the 28th International Joint Conference on Artificial Intelligence, IJCAI 2019 (pp. 3961-3967). (IJCAI International Joint Conference on Artificial Intelligence; Vol. 2019-August). International Joint Conferences on Artificial Intelligence. https://doi.org/10.24963/ijcai.2019/550

Topology attack and defense for graph neural networks : An optimization perspective. / Xu, Kaidi; Chen, Hongge; Liu, Sijia et al.

Proceedings of the 28th International Joint Conference on Artificial Intelligence, IJCAI 2019. ed. / Sarit Kraus. International Joint Conferences on Artificial Intelligence, 2019. p. 3961-3967 (IJCAI International Joint Conference on Artificial Intelligence; Vol. 2019-August).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Xu, K, Chen, H, Liu, S, Chen, PY, Weng, TW, Hong, M & Lin, X 2019, Topology attack and defense for graph neural networks: An optimization perspective. in S Kraus (ed.), Proceedings of the 28th International Joint Conference on Artificial Intelligence, IJCAI 2019. IJCAI International Joint Conference on Artificial Intelligence, vol. 2019-August, International Joint Conferences on Artificial Intelligence, pp. 3961-3967, 28th International Joint Conference on Artificial Intelligence, IJCAI 2019, Macao, China, 8/10/19. https://doi.org/10.24963/ijcai.2019/550

Xu K, Chen H, Liu S, Chen PY, Weng TW, Hong M et al. Topology attack and defense for graph neural networks: An optimization perspective. In Kraus S, editor, Proceedings of the 28th International Joint Conference on Artificial Intelligence, IJCAI 2019. International Joint Conferences on Artificial Intelligence. 2019. p. 3961-3967. (IJCAI International Joint Conference on Artificial Intelligence). doi: 10.24963/ijcai.2019/550

Xu, Kaidi ; Chen, Hongge ; Liu, Sijia et al. / Topology attack and defense for graph neural networks : An optimization perspective. Proceedings of the 28th International Joint Conference on Artificial Intelligence, IJCAI 2019. editor / Sarit Kraus. International Joint Conferences on Artificial Intelligence, 2019. pp. 3961-3967 (IJCAI International Joint Conference on Artificial Intelligence).

@inproceedings{ea1ece735677409a8441c78821b1e678,

title = "Topology attack and defense for graph neural networks: An optimization perspective",

abstract = "Graph neural networks (GNNs) which apply the deep neural networks to graph data have achieved significant performance for the task of semi-supervised node classification. However, only few work has addressed the adversarial robustness of GNNs. In this paper, we first present a novel gradient-based attack method that facilitates the difficulty of tackling discrete graph data. When comparing to current adversarial attacks on GNNs, the results show that by only perturbing a small number of edge perturbations, including addition and deletion, our optimization-based attack can lead to a noticeable decrease in classification performance. Moreover, leveraging our gradient-based attack, we propose the first optimization-based adversarial training for GNNs. Our method yields higher robustness against both different gradient based and greedy attack methods without sacrificing classification accuracy on original graph.",

author = "Kaidi Xu and Hongge Chen and Sijia Liu and Chen, {Pin Yu} and Weng, {Tsui Wei} and Mingyi Hong and Xue Lin",

note = "Funding Information: This work is supported by Air Force Research Laboratory FA8750-18-2-0058 and the MIT-IBM Watson AI Lab. Publisher Copyright: {\textcopyright} 2019 International Joint Conferences on Artificial Intelligence. All rights reserved.; 28th International Joint Conference on Artificial Intelligence, IJCAI 2019 ; Conference date: 10-08-2019 Through 16-08-2019",

year = "2019",

doi = "10.24963/ijcai.2019/550",

language = "English (US)",

series = "IJCAI International Joint Conference on Artificial Intelligence",

publisher = "International Joint Conferences on Artificial Intelligence",

pages = "3961--3967",

editor = "Sarit Kraus",

booktitle = "Proceedings of the 28th International Joint Conference on Artificial Intelligence, IJCAI 2019",

}

TY - GEN

T1 - Topology attack and defense for graph neural networks

T2 - 28th International Joint Conference on Artificial Intelligence, IJCAI 2019

AU - Xu, Kaidi

AU - Chen, Hongge

AU - Liu, Sijia

AU - Chen, Pin Yu

AU - Weng, Tsui Wei

AU - Hong, Mingyi

AU - Lin, Xue

N1 - Funding Information: This work is supported by Air Force Research Laboratory FA8750-18-2-0058 and the MIT-IBM Watson AI Lab. Publisher Copyright: © 2019 International Joint Conferences on Artificial Intelligence. All rights reserved.

PY - 2019

Y1 - 2019

N2 - Graph neural networks (GNNs) which apply the deep neural networks to graph data have achieved significant performance for the task of semi-supervised node classification. However, only few work has addressed the adversarial robustness of GNNs. In this paper, we first present a novel gradient-based attack method that facilitates the difficulty of tackling discrete graph data. When comparing to current adversarial attacks on GNNs, the results show that by only perturbing a small number of edge perturbations, including addition and deletion, our optimization-based attack can lead to a noticeable decrease in classification performance. Moreover, leveraging our gradient-based attack, we propose the first optimization-based adversarial training for GNNs. Our method yields higher robustness against both different gradient based and greedy attack methods without sacrificing classification accuracy on original graph.

AB - Graph neural networks (GNNs) which apply the deep neural networks to graph data have achieved significant performance for the task of semi-supervised node classification. However, only few work has addressed the adversarial robustness of GNNs. In this paper, we first present a novel gradient-based attack method that facilitates the difficulty of tackling discrete graph data. When comparing to current adversarial attacks on GNNs, the results show that by only perturbing a small number of edge perturbations, including addition and deletion, our optimization-based attack can lead to a noticeable decrease in classification performance. Moreover, leveraging our gradient-based attack, we propose the first optimization-based adversarial training for GNNs. Our method yields higher robustness against both different gradient based and greedy attack methods without sacrificing classification accuracy on original graph.

UR - http://www.scopus.com/inward/record.url?scp=85074917638&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85074917638&partnerID=8YFLogxK

U2 - 10.24963/ijcai.2019/550

DO - 10.24963/ijcai.2019/550

M3 - Conference contribution

AN - SCOPUS:85074917638

T3 - IJCAI International Joint Conference on Artificial Intelligence

SP - 3961

EP - 3967

BT - Proceedings of the 28th International Joint Conference on Artificial Intelligence, IJCAI 2019

A2 - Kraus, Sarit

PB - International Joint Conferences on Artificial Intelligence

Y2 - 10 August 2019 through 16 August 2019

ER -

Topology attack and defense for graph neural networks: An optimization perspective

Abstract

Publication series

Conference

Bibliographical note

Publisher link

Find It

Other files and links

Fingerprint

Cite this