Graph deep learning models, such as graph convolutional networks (GCN) achieve remarkable performance for tasks on graph data. Similar to other types of deep models, graph deep learning models often suffer from adversarial attacks. However, compared with non-graph data, the discrete features, graph connections and different definitions of imperceptible perturbations bring unique challenges and opportunities for the adversarial attacks and defences for graph data. In this paper, we propose both attack and defence techniques. For attack, we show that the discrete feature problem could easily be resolved by introducing integrated gradients which could accurately reflect the effect of perturbing certain features or edges while still benefiting from the parallel computations. For defence, we propose to partially learn the adjacency matrix to integrate the information of distant nodes so that the prediction of a certain target is supported by more global graph information rather than just few neighbour nodes. This, therefore, makes the attacks harder since one need to perturb more features/edges to make the attacks succeed. Our experiments on a number of datasets show the effectiveness of the proposed methods.
翻译:图形革命网络(GCN)等图形深层次学习模型在图形数据上的工作表现显著。与其他类型的深层次模型类似,图形深层次学习模型经常遭受对抗性攻击。然而,与非图形数据相比,离散特征、图形连接和不可察觉的扰动的不同定义为对抗性攻击和图形数据防御带来了独特的挑战和机遇。在本文中,我们提出了攻击和防御技术。关于攻击,我们表明,通过引入能够准确反映某些特征或边缘在同时从平行计算中受益时被扰动的影响的综合梯度,离散特征问题很容易得到解决。关于防御,我们提议部分学习相近矩阵,以整合远节点的信息,从而使对某一目标的预测得到更多全球图形信息的支持,而不仅仅是几个相邻节点的支持。因此,攻击变得更难,因为需要渗透更多的特征/边缘才能使袭击成功。我们对一些数据集的实验显示了拟议方法的有效性。