Improving Graph Neural Network Training, Defense and Hypergraph Partitioning via Adversarial Robustness Evaluation
Yongyu Wang
TL;DR
<3-5 sentence high-level summary> Graph Neural Networks are vulnerable to noise and adversarial perturbations in both graph structure and node features. The authors introduce spectral adversarial robustness evaluation to identify robust versus non-robust nodes and leverage this information across three pillars: robustness-aware GNN training, robustness-guided hypergraph partitioning, and robustness-strengthening defenses. Central to the approach are Laplacian-based eigen-structures and the Spade score, used to rank node robustness and drive selective training, subgraph construction, and label propagation. Across multiple GNN models and datasets, the methods yield notable accuracy gains, improved hypergraph partitioning on VLSI benchmarks, and stronger resilience against attacks, demonstrating the practical value of robustness-aware graph algorithms.
Abstract
Graph Neural Networks (GNNs) are a highly effective neural network architecture for processing graph-structured data. Unlike traditional neural networks that rely solely on the features of the data as input, GNNs leverage both the graph structure, which represents the relationships between data points, and the feature matrix of the data to optimize their feature representation. This unique capability enables GNNs to achieve superior performance across various tasks. However, it also makes GNNs more susceptible to noise and adversarial attacks from both the graph structure and data features, which can significantly increase the training difficulty and degrade their performance. Similarly, a hypergraph is a highly complex structure, and partitioning a hypergraph is a challenging task. This paper leverages spectral adversarial robustness evaluation to effectively address key challenges in complex-graph algorithms. By using spectral adversarial robustness evaluation to distinguish robust nodes from non-robust ones and treating them differently, we propose a training-set construction strategy that improves the training quality of GNNs. In addition, we develop algorithms to enhance both the adversarial robustness of GNNs and the performance of hypergraph partitioning. Experimental results show that this series of methods is highly effective.