When Witnesses Defend: A Witness Graph Topological Layer for Adversarial Graph Learning

Naheed Anjum Arafat, Debabrota Basu, Yulia Gel, Yuzhou Chen

TL;DR

This paper addresses the vulnerability of Graph Neural Networks to adversarial perturbations by introducing WGTL, a topology-aware defense that uses persistent homology via witness complexes to capture robust, multi-scale graph shape information. WGTL integrates local and global topology encodings derived from landmark-based witness complexes and couples them with a robust topological loss to produce stable node representations, with formal stability guarantees under an attacker budget $\delta$. The approach demonstrates broad compatibility by boosting robustness across multiple GNN backbones and existing defenses, achieving substantial gains on six datasets and scaling to large graphs, while offering practical computation times. By bridging adversarial graph learning with PH-based representations, WGTL provides a principled, scalable framework for leveraging higher-order graph structure to counter perturbations, with promising avenues for time-evolving graphs and hypergraphs.

Abstract

Capitalizing on the intuitive premise that shape characteristics are more robust to perturbations, we bridge adversarial graph learning with the emerging tools from computational topology, namely, persistent homology representations of graphs. We introduce the concept of witness complex to adversarial analysis on graphs, which allows us to focus only on the salient shape characteristics of graphs, yielded by the subset of the most essential nodes (i.e., landmarks), with minimal loss of topological information on the whole graph. The remaining nodes are then used as witnesses, governing which higher-order graph substructures are incorporated into the learning process. Armed with the witness mechanism, we design Witness Graph Topological Layer (WGTL), which systematically integrates both local and global topological graph feature representations, the impact of which is, in turn, automatically controlled by the robust regularized topological loss. Given the attacker's budget, we derive the important stability guarantees of both local and global topology encodings and the associated robust topological loss. We illustrate the versatility and efficiency of WGTL by its integration with five GNNs and three existing non-topological defense mechanisms. Our extensive experiments across six datasets demonstrate that WGTL boosts the robustness of GNNs across a range of perturbations and against a range of adversarial attacks. Our datasets and source codes are available at https://github.com/toggled/WGTL.
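
The landmark and witness mechanism described in the abstract, as an added illustration that is not code from the paper or the WGTL repository. It uses the standard weak witness complex definition (which may differ in detail from the paper's Definition 2.1) with hop distance on a constructed 8-cycle; the function names, the landmark set and the inserted edge are assumptions made for this example.

```python
from collections import deque
from itertools import combinations

INF = float("inf")
def hop_distances(adj, src):
    """BFS hop counts from src; unreachable nodes are absent from the result."""
    dist, queue = {src: 0}, deque([src])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist

def weakly_witnessed(sigma, landmarks, dist):
    """Some witness has all of sigma no farther than any landmark outside sigma."""
    outside = [l for l in landmarks if l not in sigma]
    for d in dist.values():
        farthest_in = max(d.get(v, INF) for v in sigma)
        nearest_out = min((d.get(u, INF) for u in outside), default=INF)
        if farthest_in < INF and farthest_in <= nearest_out:  # ties allowed
            return True
    return False

def weak_witness_complex(adj, landmarks, max_dim=2):
    """Simplices on the landmarks whose faces are all weakly witnessed."""
    landmarks = sorted(landmarks)
    # Following the abstract, the non-landmark nodes act as witnesses.
    dist = {x: hop_distances(adj, x) for x in adj if x not in landmarks}
    cx = set()
    for k in range(1, max_dim + 2):  # k = number of vertices in the simplex
        for sigma in combinations(landmarks, k):
            faces_ok = k == 1 or all(f in cx for f in combinations(sigma, k - 1))
            if faces_ok and weakly_witnessed(sigma, landmarks, dist):
                cx.add(sigma)
    return cx

def cycle_graph(n, extra_edges=()):
    """Constructed toy input (not from the paper): an n-cycle plus extra edges."""
    adj = {i: {(i - 1) % n, (i + 1) % n} for i in range(n)}
    for u, v in extra_edges:
        adj[u].add(v)
        adj[v].add(u)
    return adj

LANDMARKS = {0, 2, 4, 6}  # assumed landmark choice for the toy graph
clean = weak_witness_complex(cycle_graph(8), LANDMARKS)
perturbed = weak_witness_complex(cycle_graph(8, [(1, 3)]), LANDMARKS)
```

On this toy graph the four landmarks recover the cycle (four vertices, four edges, no triangles), and the complex is unchanged by the inserted edge (1, 3).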

Paper Structure (27 sections, 6 theorems, 41 equations, 3 figures, 21 tables, 1 algorithm)

This paper contains 27 sections, 6 theorems, 41 equations, 3 figures, 21 tables, 1 algorithm.

Key Result

Theorem 3.1

Let us denote the persistence diagram obtained from local topology encoding of $\mathcal{G}$ as $\mathrm{T}(\mathcal{G})$ (Figure fig:schematic). For any $p < \infty$ and $C_{\epsilon}$ being the maximum cardinality of the $\epsilon$-neighborhood created by the landmarks, we obtain that for any grap

Figures (3)

  • Figure 1: Architecture of Witness Graph Topological Layer.
  • Figure 2: Illustration of Witness Complex-based topological regularizer $L_{Topo}$.
  • Figure 3: The trade-off between accuracy and Feature computation time of GCN+WGTL with different numbers of landmarks. The figures are under mettack with $5\%$ perturbation rate.

Theorems & Definitions (15)

  • Definition 2.1: Weak Witness Complex witness
  • Theorem 3.1: Stability of the encoded local topology
  • Proposition 3.2: Stability of the encoded global topology
  • Proposition 3.3: Stability of the aggregated topological encoding
  • Proposition 3.4: Stability of $L_{topo}$
  • Definition A.1: Hausdorff distance hausdorff1914
  • Definition A.2: $p$-Wasserstein distance pwasserstein
  • Theorem A.3: Properties of Local Witness Complexes arafat2020epsilon
  • Remark A.4
  • proof
  • ...and 5 more