Explainability-Based Adversarial Attack on Graphs Through Edge Perturbation

Dibaloke Chanda, Saba Heidari Gheshlaghi, Nasim Yahya Soltani

TL;DR

This study addresses the vulnerability of graph neural networks to adversarial attacks by introducing an explainability-based edge perturbation strategy. It identifies important subgraphs using GNNExplainer and PGExplainer, then performs edge insertions between nodes of different classes and deletions within the same-class important regions to degrade node classification performance under test-time perturbations. Across three architectures (GCN, GAT, GraphSAGE) and three datasets (Cora, CiteSeer, PubMed), inserting inter-class edges within the important subgraph yields larger misclassification rates than intra-class deletions, with GraphSAGE showing particular strength on larger graphs. The results highlight the value of explainability-driven attack design and suggest targeted defenses focusing on vulnerable subgraph structures to improve GNN robustness.

Abstract

Despite the success of graph neural networks (GNNs) in various domains, they exhibit susceptibility to adversarial attacks. Understanding these vulnerabilities is crucial for developing robust and secure applications. In this paper, we investigate the impact of test time adversarial attacks through edge perturbations which involve both edge insertions and deletions. A novel explainability-based method is proposed to identify important nodes in the graph and perform edge perturbation between these nodes. The proposed method is tested for node classification with three different architectures and datasets. The results suggest that introducing edges between nodes of different classes has higher impact as compared to removing edges among nodes within the same class.

Paper Structure (17 sections, 11 equations, 7 figures, 5 tables, 1 algorithm)

This paper contains 17 sections, 11 equations, 7 figures, 5 tables, 1 algorithm.

Figures (7)

  • Figure 2: GNN training and inference for node classification under transductive settings. (Top) The node labels for test nodes are masked out with a train mask. The masked-out graph is passed through the GNN layers for training. Loss is calculated with the help of ground truth labels and model parameters are updated with backpropagation. (Bottom) In the inference stage, the test mask is applied followed by a forward pass through the trained model and inference for node classification is performed for the test node labels.
  • Figure 3: Proposed method to identify the important edges and important nodes in the graph with explainability and rewire the graph. Start with the input graph $\mathcal{G}$ and train it for $T_{M}$ epochs under transductive settings. Then for each node $v$ from the node set $\mathcal{V}$ run the explainability model $E_{\phi}$ optimization for $T_E$ epochs to generate explainability mask $M^{v}_{E}$. Finally, combine the generated explainability mask to get a combined mask $M_{E}$ and perform edge insertions and deletions to get the rewired graph $\mathcal{G}_r$.
  • Figure 4: $MCR(\%)$ vs $\gamma$ plot with GNNExplainer as the explainability algorithm (For visual clarity, only Cora and CiteSeer are shown).
  • Figure 5: $MCR(\%)$ vs $1/\gamma$ plot with GNNExplainer as the explainability algorithm (For visual clarity, only Cora and CiteSeer are shown).
  • Figure 6: (Top row) $MCR$ vs $\gamma$ plot with Cora dataset showing comparison between original Graph $\mathcal{G}$ and rewired graph $\mathcal{G}_r$ with GNNExplainer. (Bottom row) $MCR$ vs $1/\gamma$ plot with Cora dataset showing comparison between original Graph $\mathcal{G}$ and rewired graph $\mathcal{G}_r$ with GNNExplainer.
  • ...and 2 more figures
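
A defender-side check motivated by the abstract's finding that inter-class edge insertions among important nodes do the most damage, added here as an example and not code from the paper: it compares the graph seen at inference time with a trusted baseline and reports inter-class insertions and intra-class deletions inside the important region, plus the region's edge homophily before and after. The function names, the idea that the important-node set comes from the defender's own explainer run, and the sample graph are assumptions.

```python
def undirected(edges):
    """Normalise an edge list to a set of (low, high) pairs without self-loops."""
    return {(min(u, v), max(u, v)) for u, v in edges if u != v}


def audit_rewiring(baseline_edges, observed_edges, labels, important_nodes):
    """Compare the inference-time graph with a trusted baseline inside the
    important region and report the two perturbation kinds the paper studies."""
    base, obs = undirected(baseline_edges), undirected(observed_edges)
    region = set(important_nodes)

    def in_region(edge):
        return edge[0] in region and edge[1] in region

    def same_class(edge):
        return labels[edge[0]] == labels[edge[1]]

    def homophily(edges):
        # Fraction of region edges whose endpoints share a class label.
        inside = [e for e in edges if in_region(e)]
        return sum(map(same_class, inside)) / len(inside) if inside else None

    return {
        "inter_class_insertions": sorted(
            e for e in obs - base if in_region(e) and not same_class(e)),
        "intra_class_deletions": sorted(
            e for e in base - obs if in_region(e) and same_class(e)),
        "homophily_before": homophily(base),
        "homophily_after": homophily(obs),
    }


# Constructed sample: six nodes, two classes, nodes 0, 1, 3, 4 marked important.
LABELS = {0: "A", 1: "A", 2: "A", 3: "B", 4: "B", 5: "B"}
IMPORTANT = {0, 1, 3, 4}
BASELINE = [(0, 1), (1, 2), (0, 2), (3, 4), (4, 5), (2, 3)]
# Observed graph: (0, 1) removed; (3, 0), (1, 4) and (2, 5) added.
OBSERVED = [(1, 2), (0, 2), (3, 4), (4, 5), (2, 3), (3, 0), (1, 4), (2, 5)]

if __name__ == "__main__":
    for key, value in audit_rewiring(BASELINE, OBSERVED, LABELS, IMPORTANT).items():
        print(f"{key}: {value}")
```

A sharp drop in region homophily together with a non-empty insertion list is the signal to review; the added edge (2, 5) is ignored here because node 2 and node 5 lie outside the important region.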