一种面向图神经网络的图重构防御方法

陈晋音; 黄国瀚; 张敦杰; 张旭鸿; 纪守领

doi:10.7544/issn1000-1239.2021.20200935

一种面向图神经网络的图重构防御方法

¹(浙江工业大学网络空间安全研究院杭州 310023)
²(浙江工业大学信息工程学院杭州 310023)
³(浙江大学控制科学与工程学院杭州 310007)
⁴(浙江大学计算机科学与技术学院杭州 310007) (chenjinyin@zjut.edu.cn)

基金项目: 国家自然科学基金项目(62072406)；浙江省自然科学基金项目(LY19F020025)；公安部重点实验室2020年开放课题(2020DSJSYS001)

详细信息

中图分类号: TP183
计量
- 文章访问数: 824
- HTML全文浏览量: 6
- PDF下载量: 527
出版历程
- 发布日期: 2021-04-30

GRD-GNN: Graph Reconstruction Defense for Graph Neural Network

¹(Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023)
²(College of Information Engineering, Zhejiang University of Technology, Hangzhou 310023)
³(College of Control Science and Engineering, Zhejiang University, Hangzhou 310007)
⁴(College of Computer Science and Technology, Zhejiang University, Hangzhou 310007)

Funds: This work was supported by the National Natural Science Foundation of China (62072406), the Natural Science Foundation of Zhejiang Province of China (LY19F020025), and the Key Laboratory of the Public Security Ministry Open Project in 2020 (2020DSJSYS001).

摘要

摘要: 近年来，图神经网络在图表示学习领域中取得了较好表现广泛应用于日常生活中，例如电子商务、社交媒体和生物学等.但是研究表明，图神经网络容易受到精心设计的对抗攻击迷惑，使其无法正常工作.因此，提高图神经网络的鲁棒性至关重要.已有研究提出了一些提高图神经网络鲁棒性的防御方法，然而如何在确保模型主任务性能的前提下降低对抗攻击的攻击成功率仍存在挑战.通过观察不同攻击产生的对抗样本发现，对抗攻击生成的对抗连边所对应的节点对之间通常存在低结构相似性和低节点特征相似性的特点.基于上述发现，提出了一种面向图神经网络的图重构防御方法GRD-GNN，分别从图结构和节点特征考虑，采用共同邻居数和节点相似度2种相似度指标检测对抗连边并实现图重构，使得重构的图结构删除对抗连边，且添加了增强图结构关键特征的连边，从而实现有效防御.最后，论文在3个真实数据集上展开防御实验，验证了GRD-GNN相比其他防御方法均能取得最佳的防御性能，且不影响正常图数据的分类任务.此外，利用可视化方法对防御结果做解释，解析方法的有效性.
- 图重构 /
- 对抗攻击 /
- 图神经网络 /
- 图表示学习 /
- 节点分类
Abstract: Recent years, graph neural network (GNN) has been widely applied in our daily life for its satisfying performance in graph representation learning, and such as e-commerce, social media and biology, etc. However, research has suggested that GNNs are vulnerable to adversarial attacks carefully crafted, leading the GNN model to fail. Therefore, it is essential to improve the robustness of graph neural network. Several defense methods have been proposed to improve the robustness of GNNs. However, how to reduce the attack success rate of adversarial attacks while ensuring the performance of the main task of the GNN still remains a challenge. Through the observation of various adversarial samples, it is concluded that the node pairs connected by adversarial edges have characteristics of low structural similarity and low node feature similarity compared with the clean ones. Based on the observation, we propose a graph reconstruction defense for graph neural network named GRD-GNN. Considering both graph structure and node features, both the number of common neighbors and the similarity of nodes are applied to guide the graph reconstruction. GRD-GNN not only removes the adversarial edges, but also adds edges that are beneficial to the performance of the GNN to enhance the graph structure. At last, comprehensive experiments on three real-world datasets verify the art-of-the-state defense performance of proposed GRD-GNN compared with baselines. Additionally, the explanation of the results of experiments and analysis of effectiveness of the method are shown in the paper.
- graph reconstruction /
- adversarial attack /
- graph neural network /
- graph representation learning /
- node classification

HTML全文

参考文献(0)

施引文献(14)

期刊类型引用(7)

1.	魏波，冯乃勤. 基于入侵诱骗的网络拓扑污染攻击防御研究. 计算机仿真. 2024(05): 410-414 . 百度学术
2.	金柯君，于洪涛，吴翼腾，李邵梅，张建朋，郑洪浩. 改进的基于奇异值分解的图卷积网络防御方法. 计算机应用. 2023(05): 1511-1517 . 百度学术
3.	宋国顺. 基于特征加权聚合的传感网络多模式攻击检测方法. 通化师范学院学报. 2023(10): 74-80 . 百度学术
4.	金柯君，于洪涛，李邵梅，张建朋. 基于注意力机制的图卷积网络防御方法. 信息工程大学学报. 2023(06): 718-724 . 百度学术
5.	刘勇. 基于图算法的定向越野数据智能分析系统设计. 自动化与仪器仪表. 2022(08): 159-164 . 百度学术
6.	张瑾，朱桂祥，王宇琛，郑烁佳，陈镜潞. 基于异质图表达学习的跨境电商推荐模型. 电子与信息学报. 2022(11): 4008-4017 . 百度学术
7.	吴翼腾，刘伟，于洪涛. 图神经网络的标签翻转对抗攻击. 通信学报. 2021(09): 65-74 . 百度学术