Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Self-Guided Robust Graph Structure Refinement

Yeonjun In, Kanghoon Yoon, Kibum Kim, Kijung Shin, Chanyoung Park

TL;DR

This paper proposes a self-guided GSR framework (SG-GSR), which utilizes a clean sub-graph found within the given attacked graph itself, and proposes a novel graph augmentation and a group-training strategy to handle the two technical challenges in the clean sub-graph extraction.

Abstract

Recent studies have revealed that GNNs are vulnerable to adversarial attacks. To defend against such attacks, robust graph structure refinement (GSR) methods aim at minimizing the effect of adversarial edges based on node features, graph structure, or external information. However, we have discovered that existing GSR methods are limited by narrowassumptions, such as assuming clean node features, moderate structural attacks, and the availability of external clean graphs, resulting in the restricted applicability in real-world scenarios. In this paper, we propose a self-guided GSR framework (SG-GSR), which utilizes a clean sub-graph found within the given attacked graph itself. Furthermore, we propose a novel graph augmentation and a group-training strategy to handle the two technical challenges in the clean sub-graph extraction: 1) loss of structural information, and 2) imbalanced node degree distribution. Extensive experiments demonstrate the effectiveness of SG-GSR under various scenarios including non-targeted attacks, targeted attacks, feature attacks, e-commerce fraud, and noisy node labels. Our code is available at https://github.com/yeonjun-in/torch-SG-GSR.

Self-Guided Robust Graph Structure Refinement

TL;DR

This paper proposes a self-guided GSR framework (SG-GSR), which utilizes a clean sub-graph found within the given attacked graph itself, and proposes a novel graph augmentation and a group-training strategy to handle the two technical challenges in the clean sub-graph extraction.

Abstract

Recent studies have revealed that GNNs are vulnerable to adversarial attacks. To defend against such attacks, robust graph structure refinement (GSR) methods aim at minimizing the effect of adversarial edges based on node features, graph structure, or external information. However, we have discovered that existing GSR methods are limited by narrowassumptions, such as assuming clean node features, moderate structural attacks, and the availability of external clean graphs, resulting in the restricted applicability in real-world scenarios. In this paper, we propose a self-guided GSR framework (SG-GSR), which utilizes a clean sub-graph found within the given attacked graph itself. Furthermore, we propose a novel graph augmentation and a group-training strategy to handle the two technical challenges in the clean sub-graph extraction: 1) loss of structural information, and 2) imbalanced node degree distribution. Extensive experiments demonstrate the effectiveness of SG-GSR under various scenarios including non-targeted attacks, targeted attacks, feature attacks, e-commerce fraud, and noisy node labels. Our code is available at https://github.com/yeonjun-in/torch-SG-GSR.
Paper Structure (47 sections, 5 equations, 21 figures, 13 tables, 1 algorithm)

This paper contains 47 sections, 5 equations, 21 figures, 13 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Related Works
  3. Robust GNNs
  4. Imbalanced Learning on Node Degree
  5. Problem Statement
  6. Proposed Method
  7. Graph Structure Refinement (GSR) Module
  8. Extraction of Clean Sub-graph (Phase 1)
  9. Challenges on the Extracted Sub-graph
  10. Loss of Structural Information
  11. Imbalanced Node Degree Distribution
  12. Dealing with the Challenges of Sub-graph Extraction (Phase 2)
  13. Graph Augmentation (Phase 2-1)
  14. Group-training Strategy (Phase 2-2)
  15. Training and Inference
  16. ...and 32 more sections

Figures (21)

  • Figure 1: Performance of (a) existing feature-based and multi-faceted GSR methods over structure (Meta 25%) and feature attacks (Random Gaussian noise 50%), (b) existing multi-faceted methods under different perturbation ratios. Cora is used. Meta: metattackmetattack.
  • Figure 2: Overall architecture of SG-GSR.
  • Figure 3: (a) Clean rate of the extracted edges and remaining edges over the ratio of extracted edges. (b) Node classification accuracy under structure attack and clean rate of extracted edges over the ratio of extracted edges. (c) Node degree distribution of original graph and extracted sub-graph. (d) Accuracy drop in node classification under attacks for high/low-degree nodes. (e) Imbalance ratio of $\tilde{\mathcal{E}}^{\text{aug}}$, $\tilde{\mathcal{E}}^{\text{aug}}_{\text{LL}}$, $\tilde{\mathcal{E}}^{\text{aug}}_{\text{HL}}$, and $\tilde{\mathcal{E}}^{\text{aug}}_{\text{HH}}$. Cora dataset is used. Struc. Attack indicates metattack 25% and Feat. Attack indicates Random Gaussian noise 50%.
  • Figure 3: Node classification under e-commerce fraud.
  • Figure 4: Ablation study on SE. Feat. Attack indicates Random Gaussian noise 50%.
  • ...and 16 more figures