Can Large Language Models Improve the Adversarial Robustness of Graph Neural Networks?
Zhongjian Zhang, Xiao Wang, Huichi Zhou, Yue Yu, Mengmei Zhang, Cheng Yang, Chuan Shi
TL;DR
The paper addresses vulnerability of GNNs to topology-based adversarial attacks and investigates whether LLMs can improve robustness. It finds that while LLMs alone can enhance robustness in some cases, overall accuracy suffers, motivating a robust purification approach. The authors propose LLM4RGNN, which distills GPT-4 into a local LLM to flag malicious edges and trains an LM-based edge predictor to add important edges, purifying the graph before GNN inference. Across multiple datasets and attacks (Mettack, DICE, Nettack, adaptive), LLM4RGNN consistently improves robustness and, in several cases, maintains accuracy above the clean-graph baseline, with favorable efficiency characteristics and scalability strategies. This framework broadens the practical utility of LLMs for graph-based security tasks and offers a pathway to more resilient graph learning in real-world applications.
Abstract
Graph neural networks (GNNs) are vulnerable to adversarial attacks, especially for topology perturbations, and many methods that improve the robustness of GNNs have received considerable attention. Recently, we have witnessed the significant success of large language models (LLMs), leading many to explore the great potential of LLMs on GNNs. However, they mainly focus on improving the performance of GNNs by utilizing LLMs to enhance the node features. Therefore, we ask: Will the robustness of GNNs also be enhanced with the powerful understanding and inference capabilities of LLMs? By presenting the empirical results, we find that despite that LLMs can improve the robustness of GNNs, there is still an average decrease of 23.1% in accuracy, implying that the GNNs remain extremely vulnerable against topology attacks. Therefore, another question is how to extend the capabilities of LLMs on graph adversarial robustness. In this paper, we propose an LLM-based robust graph structure inference framework, LLM4RGNN, which distills the inference capabilities of GPT-4 into a local LLM for identifying malicious edges and an LM-based edge predictor for finding missing important edges, so as to recover a robust graph structure. Extensive experiments demonstrate that LLM4RGNN consistently improves the robustness across various GNNs. Even in some cases where the perturbation ratio increases to 40%, the accuracy of GNNs is still better than that on the clean graph. The source code can be found in https://github.com/zhongjian-zhang/LLM4RGNN.