A Lightweight Metric Defence Strategy for Graph Neural Networks Against Poisoning Attacks

Yang Xiao,Jie Li,Wengui Su
DOI: https://doi.org/10.1007/978-3-030-88052-1_4
2021-01-01
Abstract:Graph neural networks (GNN) are a specialized type of deep neural networks on graph structured data by aggregating the learned representations of node neighborhood, which has been widely applied in a variety of domains. However, recent studies demonstrate that using unnoticeable, artificially-crafted perturbations on graph structure can drastically damage the performance of GNNs. Hence, developing robust algorithms to defend poisoning attacks is of great significance. A natural idea to defend them is to delete perturbed edges from a poisoned graph and several efforts have been taken. However, current works either adopt specific threshold as a criteria to filter out poisoned effect for particular graphs or design quite complicated framework with higher time consumption, which can't well be scablable in practice. Thus in this work, we first investigate the distinction of perturbed edges and normal edges behaved on metric space, then design a defense strategy, called MD-GNN based on Jaccard similarity. Its core principle is to discern the perturbed edges via deleting those edges with lower metric values. Besides, to preserve the valuable information of graph structure and avoid the appearance of the single node during deleting process, MD-GNN deploy the minimum connectivity principle as the terminated condition. Extensive experiments on three real-world datasets show that MD-GNN can effectively preserve state-of-the-art performance of GNNs in the face of poisoning attacks with less time consumption.
What problem does this paper attempt to address?