Jiarong Xu,Junru Chen,Siqi You,Zhiqing Xiao,Yang,Jiangang Lu

DOI: https://doi.org/10.1016/j.aiopen.2021.05.002

2021-01-01

AI Open

Abstract:Machine learning (ML) technologies have achieved significant success in various downstream tasks, e.g., node classification, link prediction, community detection, graph classification and graph clustering. However, many studies have shown that the models built upon ML technologies are vulnerable to noises and adversarial attacks. A number of works have studied the robust models against noise or adversarial examples in image domains and text processing domains, however, it is more challenging to learn robust models in graph domains. Adding noises or perturbations on graph data will make the robustness even harder to enhance – the noises and perturbations of edges or node attributes are easy to propagate to other neighbors via the relational information on a graph. In this paper, we investigate and summarize the existing works that study the robust deep learning models against adversarial attacks or noises on graphs, namely the robust learning (models) on graphs. Specifically, we first provide some robustness evaluation metrics of model robustness on graphs. Then, we comprehensively provide a taxonomy which groups robust models on graphs into five categories: anomaly detection, adversarial training, pre-processing, attention mechanism, and certifiable robustness. Besides, we emphasize some promising future directions in learning robust models on graphs. Hopefully, our works can offer insights for the relevant researchers, thus providing assistance for their studies.

Jiarong Xu,Yang,Junru Chen,Xin Jiang,Chunping Wang,Jiangang Lu,Yizhou Sun

DOI: https://doi.org/10.1609/aaai.v36i4.20349

2020-01-01

Abstract:Unsupervised/self-supervised pre-training methods for graph representation learning have recently attracted increasing research interests, and they are shown to be able to generalize to various downstream applications. Yet, the adversarial robustness of such pre-trained graph learning models remains largely unexplored. More importantly, most existing defense techniques designed for end-to-end graph representation learning methods require pre-specified label definitions, and thus cannot be directly applied to the pre-training methods. In this paper, we propose an unsupervised defense technique to robustify pre-trained deep graph models, so that the perturbations on the input graph can be successfully identified and blocked before the model is applied to different downstream tasks. Specifically, we introduce a mutual information-based measure, graph representation vulnerability (GRV), to quantify the robustness of graph encoders on the representation space. We then formulate an optimization problem to learn the graph representation by carefully balancing the trade-off between the expressive power and the robustness (i.e., GRV) of the graph encoder. The discrete nature of graph topology and the joint space of graph data make the optimization problem intractable to solve. To handle the above difficulty and to reduce computational expense, we further relax the problem and thus provide an approximate solution. Additionally, we explore a provable connection between the robustness of the unsupervised graph encoder and that of models on downstream tasks. Extensive experiments demonstrate that even without access to labels and tasks, our model is still able to enhance robustness against adversarial attacks on three downstream tasks (node classification, link prediction, and community detection) by an average of +16.5% compared with existing methods.

Guanlin Li,Guowen Xu,Han Qiu,Ruan He,Jiwei Li,Tianwei Zhang

DOI: https://doi.org/10.1007/978-3-031-19772-7_39

2022-01-01

Abstract:3D point cloud classification models based on deep neural networks were proven to be vulnerable to adversarial examples, with a quantity of novel attack techniques proposed by researchers recently. It is of paramount importance to preserve the robustness of 3D models under adversarial environments, considering their broad application in safety- and security-critical tasks. Unfortunately, existing defenses are not general enough to satisfactorily mitigate all types of attacks. In this paper, we design two innovative methodologies to improve the adversarial robustness of 3D point cloud classification models. (1) We introduce CCN, a novel point cloud architecture which can smooth and disrupt the adversarial perturbations. (2) We propose AMS, a novel data augmentation strategy to adaptively balance the model usability and robustness. Extensive evaluations indicate the integration of the two techniques provides much more robustness than existing defense solutions for 3D classification models.

Qinkai Zheng,Xu Zou,Yuxiao Dong,Yukuo Cen,Da Yin,Jie Tang

2021-01-01

Abstract:Recent studies have shown that Graph Neural Networks (GNNs) are vulnerable to 1 adversarial attacks. Previous attacks and defenses on GNNs face common prob2 lems like scalability or generality, which hinder the progress of this domain. By 3 rethinking limitations in previous works, we propose Graph Robustness Benchmark 4 (GRB), the first benchmark that aims to provide scalable, general, unified, and 5 reproducible evaluation on adversarial robustness of GNNs. GRB includes (1) 6 scalable datasets processed by a novel splitting scheme; (2) diverse set of baseline 7 methods covering GNNs, attacks, and defenses; (3) unified evaluation pipeline that 8 permits a fair comparison; (4) modular coding framework that facilitates imple9 mentation of various methods and ensures reproducibility; (5) leaderboards that 10 track the progress of the field. Besides, we propose two strong baseline defenses 11 that significantly outperform previous ones. With extensive experiments, we can 12 fairly compare all methods and investigate their pros and cons. GRB is open-source 13 and maintains all datasets, codes, leaderboards at https://cogdl.ai/grb/home, 14 which will be continuously updated to promote future research in this field. 15

Yang Liu,Jiaying Peng,Liang Chen,Zibin Zheng

DOI: https://doi.org/10.3233/FAIA200233

2020-01-01

Abstract:Graph convolutional networks (GCNs) have attracted much attention and become a powerful tool for graph data analysis. However, recent studies show that these methods are vulnerable to adversarial attacks (e.g. changing node attributes). Although several works have proposed to improve the robustness of GCNs, only a few works address their provable robustness. In this work, we propose a novel Abstract Interpretation (AI) based method for scalable robustness certification of graph convolutional networks. Different from the AI-based certification in the image classification task whose data is continuous, the considered perturbation on node attributes in this paper is binary. To address this challenge, our central idea is to over-approximate all possible perturbations of the first layer output instead of the input layer. Abstract transformers for graph convolutional operations are further defined to prove the robustness automatically. Experimental results on three public graph datasets demonstrate that our method is faster than the state-of-the-art certification approach.

Dingyuan Zhu,Ziwei Zhang,Peng Cui,Wenwu Zhu

DOI: https://doi.org/10.1145/3292500.3330851

2019-01-01

Abstract:Graph Convolutional Networks (GCNs) are an emerging type of neural network model on graphs which have achieved state-of-the-art performance in the task of node classification. However, recent studies show that GCNs are vulnerable to adversarial attacks, i.e. small deliberate perturbations in graph structures and node attributes, which poses great challenges for applying GCNs to real world applications. How to enhance the robustness of GCNs remains a critical open problem. To address this problem, we propose Robust GCN (RGCN), a novel model that "fortifies'' GCNs against adversarial attacks. Specifically, instead of representing nodes as vectors, our method adopts Gaussian distributions as the hidden representations of nodes in each convolutional layer. In this way, when the graph is attacked, our model can automatically absorb the effects of adversarial changes in the variances of the Gaussian distributions. Moreover, to remedy the propagation of adversarial attacks in GCNs, we propose a variance-based attention mechanism, i.e. assigning different weights to node neighborhoods according to their variances when performing convolutions. Extensive experimental results demonstrate that our proposed method can effectively improve the robustness of GCNs. On three benchmark graphs, our RGCN consistently shows a substantial gain in node classification accuracy compared with state-of-the-art GCNs against various adversarial attack strategies.

Tao Wu,Canyixing Cui,Xingping Xian,Shaojie Qiao,Chao Wang,Lin Yuan,Shui Yu

2024-06-20

Abstract:Graph neural networks (GNNs) have achieved tremendous success, but recent studies have shown that GNNs are vulnerable to adversarial attacks, which significantly hinders their use in safety-critical scenarios. Therefore, the design of robust GNNs has attracted increasing attention. However, existing research has mainly been conducted via experimental trial and error, and thus far, there remains a lack of a comprehensive understanding of the vulnerability of GNNs. To address this limitation, we systematically investigate the adversarial robustness of GNNs by considering graph data patterns, model-specific factors, and the transferability of adversarial examples. Through extensive experiments, a set of principled guidelines is obtained for improving the adversarial robustness of GNNs, for example: (i) rather than highly regular graphs, the training graph data with diverse structural patterns is crucial for model robustness, which is consistent with the concept of adversarial training; (ii) the large model capacity of GNNs with sufficient training data has a positive effect on model robustness, and only a small percentage of neurons in GNNs are affected by adversarial attacks; (iii) adversarial transfer is not symmetric and the adversarial examples produced by the small-capacity model have stronger adversarial transferability. This work illuminates the vulnerabilities of GNNs and opens many promising avenues for designing robust GNNs.

Machine Learning,Social and Information Networks

Liang Chen,Jintang Li,Qibiao Peng,Yang Liu,Zibin Zheng,Carl Yang

DOI: https://doi.org/10.48550/arXiv.2108.06280

2021-09-11

Abstract:Recent studies have shown that Graph Convolutional Networks (GCNs) are vulnerable to adversarial attacks on the graph structure. Although multiple works have been proposed to improve their robustness against such structural adversarial attacks, the reasons for the success of the attacks remain unclear. In this work, we theoretically and empirically demonstrate that structural adversarial examples can be attributed to the non-robust aggregation scheme (i.e., the weighted mean) of GCNs. Specifically, our analysis takes advantage of the breakdown point which can quantitatively measure the robustness of aggregation schemes. The key insight is that weighted mean, as the basic design of GCNs, has a low breakdown point and its output can be dramatically changed by injecting a single edge. We show that adopting the aggregation scheme with a high breakdown point (e.g., median or trimmed mean) could significantly enhance the robustness of GCNs against structural attacks. Extensive experiments on four real-world datasets demonstrate that such a simple but effective method achieves the best robustness performance compared to state-of-the-art models.

Machine Learning,Cryptography and Security

Jun Guo,Wei Bao,Jiakai Wang,Yuqing Ma,Xinghai Gao,Gang Xiao,Aishan Liu,Jian Dong,Xianglong Liu,Wenjun Wu

DOI: https://doi.org/10.1016/j.patcog.2023.109308

IF: 8

2023-01-01

Pattern Recognition

Abstract:Deep neural networks (DNNs) have achieved remarkable performance across a wide range of applica-tions, while they are vulnerable to adversarial examples, which motivates the evaluation and benchmark of model robustness. However, current evaluations usually use simple metrics to study the performance of defenses, which are far from understanding the limitation and weaknesses of these defense methods. Thus, most proposed defenses are quickly shown to be attacked successfully, which results in the "arm race" phenomenon between attack and defense. To mitigate this problem, we establish a model robust-ness evaluation framework containing 23 comprehensive and rigorous metrics, which consider two key perspectives of adversarial learning (i.e., data and model). Through neuron coverage and data impercep-tibility, we use data-oriented metrics to measure the integrity of test examples; by delving into model structure and behavior, we exploit model-oriented metrics to further evaluate robustness in the adversar-ial setting. To fully demonstrate the effectiveness of our framework, we conduct large-scale experiments on multiple datasets including CIFAR-10, SVHN, and ImageNet using different models and defenses with our open-source platform. Overall, our paper provides a comprehensive evaluation framework, where re-searchers could conduct comprehensive and fast evaluations using the open-source toolkit, and the ana-lytical results could inspire deeper understanding and further improvement to the model robustness.(c) 2023 Elsevier Ltd. All rights reserved.

Wenjun Jiang,Tianlong Fan,Changhao Li,Chuanfu Zhang,Tao Zhang,Zong-fu Luo

2024-05-29

Abstract:Connectivity robustness, a crucial aspect for understanding, optimizing, and repairing complex networks, has traditionally been evaluated through time-consuming and often impractical simulations. Fortunately, machine learning provides a new avenue for addressing this challenge. However, several key issues remain unresolved, including the performance in more general edge removal scenarios, capturing robustness through attack curves instead of directly training for robustness, scalability of predictive tasks, and transferability of predictive capabilities. In this paper, we address these challenges by designing a convolutional neural networks (CNN) model with spatial pyramid pooling networks (SPP-net), adapting existing evaluation metrics, redesigning the attack modes, introducing appropriate filtering rules, and incorporating the value of robustness as training data. The results demonstrate the thoroughness of the proposed CNN framework in addressing the challenges of high computational time across various network types, failure component types and failure scenarios. However, the performance of the proposed CNN model varies: for evaluation tasks that are consistent with the trained network type, the proposed CNN model consistently achieves accurate evaluations of both attack curves and robustness values across all removal scenarios. When the predicted network type differs from the trained network, the CNN model still demonstrates favorable performance in the scenario of random node failure, showcasing its scalability and performance transferability. Nevertheless, the performance falls short of expectations in other removal scenarios. This observed scenario-sensitivity in the evaluation of network features has been overlooked in previous studies and necessitates further attention and optimization. Lastly, we discuss important unresolved questions and further investigation.

Computer Vision and Pattern Recognition,Machine Learning,Networking and Internet Architecture,Social and Information Networks

Yiran Li,Junpeng Wang,Takanori Fujiwara,Kwan-Liu Ma

DOI: https://doi.org/10.1145/3587470

2023-03-06

Abstract:Adversarial attacks on a convolutional neural network (CNN) -- injecting human-imperceptible perturbations into an input image -- could fool a high-performance CNN into making incorrect predictions. The success of adversarial attacks raises serious concerns about the robustness of CNNs, and prevents them from being used in safety-critical applications, such as medical diagnosis and autonomous driving. Our work introduces a visual analytics approach to understanding adversarial attacks by answering two questions: (1) which neurons are more vulnerable to attacks and (2) which image features do these vulnerable neurons capture during the prediction? For the first question, we introduce multiple perturbation-based measures to break down the attacking magnitude into individual CNN neurons and rank the neurons by their vulnerability levels. For the second, we identify image features (e.g., cat ears) that highly stimulate a user-selected neuron to augment and validate the neuron's responsibility. Furthermore, we support an interactive exploration of a large number of neurons by aiding with hierarchical clustering based on the neurons' roles in the prediction. To this end, a visual analytics system is designed to incorporate visual reasoning for interpreting adversarial attacks. We validate the effectiveness of our system through multiple case studies as well as feedback from domain experts.

Computer Vision and Pattern Recognition,Cryptography and Security,Human-Computer Interaction,Machine Learning

Tao Wu,Nan Yang,Long Chen,Xiaokui Xiao,Xingping Xian,Jun Liu,Shaojie Qiao,Canyixing Cui

DOI: https://doi.org/10.1016/j.ins.2022.10.115

IF: 8.1

2022-01-01

Information Sciences

Abstract:With recent advancements, graph neural networks (GNNs) have shown considerable potential for various graph-related tasks, and their applications have gained considerable attention. However, adversarial attacks can significantly degrade the performance of GNNs, hindering their deployment in critical real-world tasks. GNNs must be robust against adversarial attacks, in which imperceptible adversarial perturbations are introduced to induce serious security issues. To achieve this goal, we propose a robust graph convolutional network, ERGCN, for node classification via data enhancement. ERGCN simultaneously utilizes properties from the “data domain” and “model space” as guidance. Based on the feature smoothness assumption, a graph structure enhancement (GSE) mechanism is proposed to improve the structural reliability of input graphs. Moreover, inspired by self-training methods that assign pseudo-labels to unlabeled training samples and use them to optimize the target model iteratively, a reliable node selection metric, model boundary distance (MBD), is defined based on the distance from training samples to model decision boundary. Finally, a self-training-based robust graph convolutional network is proposed for node classification. Extensive experiments on three public datasets demonstrate the superiority of our model over existing state-of-the-art methods. Our study provides a solution for trustworthy graph machine learning systems in adversarial environments. The code is available at https://github.com/star4455/ERGCN .

Hu Weibo,Chen Chuan,Chang Yaomin,Zheng Zibin,Du Yunfei

DOI: https://doi.org/10.1007/s10489-021-02272-y

IF: 5.3

2021-01-01

Applied Intelligence

Abstract:Graph convolutional networks (GCNs), an emerging type of neural network model on graphs, have presented state-of-the-art performance on the node classification task. However, recent studies show that neural networks are vulnerable to the small but deliberate perturbations on input features. And GCNs could be more sensitive to the perturbations since the perturbations from neighbor nodes exacerbate the impact on a target node through the convolution. Adversarial training (AT) is a regularization technique that has been shown capable of improving the robustness of the model against perturbations on image classification. However, directly adopting AT on GCNs is less effective since AT regards examples as independent of each other and does not consider the impact from connected examples. In this work, we explore AT on graph and propose a graph-specific AT method, Directional Graph Adversarial Training (DGAT), which incorporates the graph structure into the adversarial process and automatically identifies the impact of perturbations from neighbor nodes. Concretely, we consider the impact from the connected nodes to define the neighbor perturbation which restricts the perturbation direction on node features towards their neighbor nodes, and additionally introduce an adversarial regularizer to defend the worst-case perturbations. In this way, DGAT can resist the impact of worst-case adversarial perturbations and reduce the impact of perturbations from neighbor nodes. Extensive experiments demonstrate that DGAT can effectively improve the robustness and generalization performance of GCNs. Specially, GCNs with DGAT can provide better performance when there are rare few labels available for training.

Francesco Campi,Lukas Gosch,Tom Wollschläger,Yan Scholten,Stephan Günnemann

2024-07-03

Abstract:We perform the first adversarial robustness study into Graph Neural Networks (GNNs) that are provably more powerful than traditional Message Passing Neural Networks (MPNNs). In particular, we use adversarial robustness as a tool to uncover a significant gap between their theoretically possible and empirically achieved expressive power. To do so, we focus on the ability of GNNs to count specific subgraph patterns, which is an established measure of expressivity, and extend the concept of adversarial robustness to this task. Based on this, we develop efficient adversarial attacks for subgraph counting and show that more powerful GNNs fail to generalize even to small perturbations to the graph's structure. Expanding on this, we show that such architectures also fail to count substructures on out-of-distribution graphs.

Machine Learning

Xiaoyun Wang,Xuanqing Liu,Cho-Jui Hsieh

DOI: https://doi.org/10.48550/arXiv.1911.04429

IF: 5.414

2019-11-11

Machine Learning

Abstract:In this paper, we study the robustness of graph convolutional networks (GCNs). Despite the good performance of GCNs on graph semi-supervised learning tasks, previous works have shown that the original GCNs are very unstable to adversarial perturbations. In particular, we can observe a severe performance degradation by slightly changing the graph adjacency matrix or the features of a few nodes, making it unsuitable for security-critical applications. Inspired by the previous works on adversarial defense for deep neural networks, and especially adversarial training algorithm, we propose a method called GraphDefense to defend against the adversarial perturbations. In addition, for our defense method, we could still maintain semi-supervised learning settings, without a large label rate. We also show that adversarial training in features is equivalent to adversarial training for edges with a small perturbation. Our experiments show that the proposed defense methods successfully increase the robustness of Graph Convolutional Networks. Furthermore, we show that with careful design, our proposed algorithm can scale to large graphs, such as Reddit dataset.

Qinkai Zheng,Xu Zou,Yuxiao Dong,Yukuo Cen,Da Yin,Jiarong Xu,Yang,Jie Tang

DOI: https://doi.org/10.48550/arxiv.2111.04314

2021-01-01

Abstract:Adversarial attacks on graphs have posed a major threat to the robustness of graph machine learning (GML) models. Naturally, there is an ever-escalating arms race between attackers and defenders. However, the strategies behind both sides are often not fairly compared under the same and realistic conditions. To bridge this gap, we present the Graph Robustness Benchmark (GRB) with the goal of providing a scalable, unified, modular, and reproducible evaluation for the adversarial robustness of GML models. GRB standardizes the process of attacks and defenses by 1) developing scalable and diverse datasets, 2) modularizing the attack and defense implementations, and 3) unifying the evaluation protocol in refined scenarios. By leveraging the GRB pipeline, the end-users can focus on the development of robust GML models with automated data processing and experimental evaluations. To support open and reproducible research on graph adversarial learning, GRB also hosts public leaderboards across different scenarios. As a starting point, we conduct extensive experiments to benchmark baseline techniques. GRB is open-source and welcomes contributions from the community. Datasets, codes, leaderboards are available at https://cogdl.ai/grb/home.

Jie Gao,Zhaoqiang Xia,Jing Dai,Chen Dang,Xiaoyue Jiang,Xiaoyi Feng

DOI: https://doi.org/10.1007/s13042-023-01888-5

2023-01-01

International Journal of Machine Learning and Cybernetics

Abstract:Recently, convolutional neural networks have been shown to be sensitive to artificially designed perturbations that are imperceptible to the naked eye. Whether it is image classification, semantic segmentation, or object detection, all of them will face such problem. The existence of adversarial examples raises questions about the security of smart applications. Some works have paid attention to this problem and proposed several defensive strategies to resist adversarial attacks. However, no one explored the vulnerable area of the model under multiple attacks. In this work, we fill this gap by exploring the vulnerable areas of the model, which is vulnerable to adversarial attacks. Specifically, under various attack methods with different strengths, we conduct extensive experiments on two datasets based on three different networks and illustrate some phenomena. Besides, by exploiting the Siamese Network, we propose a novel approach to more intuitively discover the deficiencies of the model. Moreover, we further provide a novel adaptive vulnerable point repair method to improve the adversarial robustness of the model. Extensive experimental results show that our proposed method can effectively improve the adversarial robustness of the model.

SUN Hao,CHEN Jin,LEI Lin,JI Kefeng,KUANG Gangyao

DOI: https://doi.org/10.12000/jr21048

2021-01-01

JOURNAL OF RADARS

Abstract:Deep convolutional neural networks have achieved great success in recent years. They have been widely used in various applications such as optical and SAR image scene classification, object detection and recognition, semantic segmentation, and change detection. However, deep neural networks rely on large-scale high-quality training data, and can only guarantee good performance when the training and test data are independently sampled from the same distribution. Deep convolutional neural networks are found to be vulnerable to subtle adversarial perturbations. This adversarial vulnerability prevents the deployment of deep neural networks in security-sensitive applications such as medical, surveillance, autonomous driving and military scenarios. This paper first presents a holistic view of security issues for deep convolutional neural network-based image recognition systems. The entire information processing chain is analyzed regarding safety and security risks. In particular, poisoning attacks and evasion attacks on deep convolutional neural networks are analyzed in detail. The root causes of adversarial vulnerabilities of deep recognition models are also discussed. Then, we give a formal definition of adversarial robustness and present a comprehensive review of adversarial attacks, adversarial defense, and adversarial robustness evaluation. Rather than listing existing research, we focus on the threat models for the adversarial attack and defense arms race. We perform a detailed analysis of several representative adversarial attacks on SAR image recognition models and provide an example of adversarial robustness evaluation. Finally, several open questions are discussed regarding recent research progress from our workgroup. This paper can be further used as a reference to develop more robust deep neural network-based image recognition models in dynamic adversarial scenarios.

Li Jintang,Gu Zishan,Peng Qibiao,Xu Kun,Chen Liang,Zheng Zibin

DOI: https://doi.org/10.1007/978-981-16-1288-6_6

2021-01-01

Abstract:Graph Neural Networks (GNNs) have shown to be vulnerable against adversarial examples in many works, which encourages researchers to drop substantial attention to its robustness and security. However, so far, the reasons for the success of adversarial attacks and the intrinsic vulnerability of GNNs still remain unclear. The work presented here outlines an empirical study to further investigate these observations and provide several insights. Experimental results, analyzed across a variety of benchmark GNNs on two datasets, indicate that GNNs are indeed sensitive to adversarial attacks due to its non-robust message functions. To exploit the adversarial patterns, we introduce two measurements to depict the randomness of node labels and features for a graph, noticing that the neighborhood entropy significantly increased under adversarial attacks. Furthermore, we find out that the adversarially manipulated graphs typically tend to be much denser and high-rank, where most of the dissimilar nodes are intentionally linked. And the stronger the attacks are, such as Metattack, the patterns are more apparent. To sum up, our findings shed light on understanding adversarial attacks on graph data and lead potential advancement in enhancing the robustness of GNNs.

Shen Wang,Zhengzhang Chen,Jingchao Ni,Xiao Yu,Zhichun Li,Haifeng Chen,Philip S. Yu

DOI: https://doi.org/10.48550/arXiv.1905.03679

2019-05-11

Abstract:Graph neural network (GNN), as a powerful representation learning model on graph data, attracts much attention across various disciplines. However, recent studies show that GNN is vulnerable to adversarial attacks. How to make GNN more robust? What are the key vulnerabilities in GNN? How to address the vulnerabilities and defense GNN against the adversarial attacks? In this paper, we propose DefNet, an effective adversarial defense framework for GNNs. In particular, we first investigate the latent vulnerabilities in every layer of GNNs and propose corresponding strategies including dual-stage aggregation and bottleneck perceptron. Then, to cope with the scarcity of training data, we propose an adversarial contrastive learning method to train the GNN in a conditional GAN manner by leveraging the high-level graph representation. Extensive experiments on three public datasets demonstrate the effectiveness of DefNet in improving the robustness of popular GNN variants, such as Graph Convolutional Network and GraphSAGE, under various types of adversarial attacks.

Machine Learning,Cryptography and Security